[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Sep 15 09:12:38 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ffba85b7 by security tracker role at 2024-09-15T08:12:31+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2024-8868 (A vulnerability was found in code-projects Crud Operation System 1.0. ...)
+ TODO: check
+CVE-2024-8867 (A vulnerability was found in Perfex CRM 3.1.6. It has been declared as ...)
+ TODO: check
+CVE-2024-8866 (A vulnerability was found in AutoCMS 5.4. It has been classified as pr ...)
+ TODO: check
+CVE-2024-8865 (A vulnerability was found in composiohq composio up to 0.5.8 and class ...)
+ TODO: check
+CVE-2024-8864 (A vulnerability has been found in composiohq composio up to 0.5.6 and ...)
+ TODO: check
+CVE-2024-8863 (A vulnerability, which was classified as problematic, was found in aim ...)
+ TODO: check
+CVE-2024-45460 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-45459 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-45458 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-45457 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-45456 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-45455 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44063 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44062 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
+CVE-2024-44060 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ TODO: check
CVE-2024-8862 (A vulnerability, which was classified as critical, has been found in h ...)
TODO: check
CVE-2024-6482 (The Login with phone number plugin for WordPress is vulnerable to priv ...)
@@ -117759,7 +117789,7 @@ CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics libra
NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv
NOTE: Introduced in https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c (0.3)
CVE-2023-27585 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5438-1 DLA-3549-1 DLA-3394-1}
+ {DSA-5438-1 DLA-3887-1 DLA-3549-1 DLA-3394-1}
- asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1036697)
- pjproject <removed>
- ring 20230922.0~ds1-1
@@ -163735,7 +163765,7 @@ CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to vers
CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...)
NOT-FOR-US: Makedeb Mist
CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5358-1 DLA-3549-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3887-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1
- pjproject <removed>
- ring 20230206.0~ds1-1
@@ -186781,7 +186811,7 @@ CVE-2022-31033 (The Mechanize library is used for automating interaction with we
CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of software ...)
NOT-FOR-US: Tuleap
CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5358-1 DLA-3549-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3887-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
- pjproject <removed>
- ring 20230206.0~ds1-1 (bug #1017005)
@@ -205414,7 +205444,7 @@ CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation
CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...)
NOT-FOR-US: Express OpenID Connect
CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -205544,7 +205574,7 @@ CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific pat
NOTE: https://github.blog/2022-04-12-git-security-vulnerability-announced/
NOTE: See CVE-2022-29187 for further fixes
CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <unfixed>
@@ -205552,7 +205582,7 @@ CVE-2022-24764 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
- asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -205600,7 +205630,7 @@ CVE-2022-24755 (Bareos is open source software for backup, archiving, and recove
NOTE: https://github.com/bareos/bareos/pull/1121
NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...)
- {DLA-3549-1 DLA-2962-1}
+ {DLA-3887-1 DLA-3549-1 DLA-2962-1}
- asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
- ring 20230206.0~ds1-1 (bug #1014998)
@@ -209892,7 +209922,7 @@ CVE-2022-23610 (wire-server provides back end services for Wire, an open source
CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
NOT-FOR-US: iTunesRPC-Remastered
CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -210029,14 +210059,14 @@ CVE-2022-23549 (Discourse is an option source discussion platform. Prior to vers
CVE-2022-23548 (Discourse is an option source discussion platform. Prior to version 2. ...)
NOT-FOR-US: Discourse
CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5358-1 DLA-3549-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3887-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject <removed>
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5358-1 DLA-3549-1 DLA-3335-1}
+ {DSA-5358-1 DLA-3887-1 DLA-3549-1 DLA-3335-1}
- asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092)
- ring 20230206.0~ds1-1
- pjproject <removed>
@@ -222437,7 +222467,7 @@ CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole wa
NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2)
CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -222448,7 +222478,7 @@ CVE-2022-21723 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -222996,7 +223026,7 @@ CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prio
CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...)
NOT-FOR-US: solidus_frontend
CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -223101,7 +223131,7 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili
CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...)
NOT-FOR-US: Solidus
CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225501,7 +225531,7 @@ CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when
NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225509,7 +225539,7 @@ CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An at
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225517,7 +225547,7 @@ CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_crea
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225525,7 +225555,7 @@ CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create.
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -225533,7 +225563,7 @@ CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create.
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -242360,7 +242390,7 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to
CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...)
NOT-FOR-US: Shopware
CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ {DSA-5285-1 DLA-3887-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
- asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
@@ -254801,7 +254831,7 @@ CVE-2021-32687 (Redis is an open source, in-memory database that persists on dis
- redis 5:6.0.16-1
NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
- {DSA-4999-1 DLA-2962-1}
+ {DSA-4999-1 DLA-3887-1 DLA-2962-1}
- asterisk 1:16.16.1~dfsg-2 (bug #991931)
[stretch] - asterisk <not-affected> (Vulnerable code not present)
- pjproject <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffba85b76e64c9cf44ae91482a0b98728ae9a5c3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffba85b76e64c9cf44ae91482a0b98728ae9a5c3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240915/6daef95f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list