[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 3 20:12:37 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a61afb8e by security tracker role at 2025-02-03T20:12:30+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,317 @@
+CVE-2025-25181 (A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraC ...)
+ TODO: check
+CVE-2025-25066 (nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_ ...)
+ TODO: check
+CVE-2025-25065 (SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0. ...)
+ TODO: check
+CVE-2025-25064 (SQL injection vulnerability in the ZimbraSyncService SOAP endpoint in ...)
+ TODO: check
+CVE-2025-25063 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1 ...)
+ TODO: check
+CVE-2025-25062 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1 ...)
+ TODO: check
+CVE-2025-24898 (rust-openssl is a set of OpenSSL bindings for the Rust programming lan ...)
+ TODO: check
+CVE-2025-24781 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24697 (Missing Authorization vulnerability in Realwebcare Image Gallery \u201 ...)
+ TODO: check
+CVE-2025-24684 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24661 (Deserialization of Untrusted Data vulnerability in MagePeople Team Tax ...)
+ TODO: check
+CVE-2025-24660 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24656 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24646 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24643 (Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy all ...)
+ TODO: check
+CVE-2025-24642 (Missing Authorization vulnerability in theme funda Setup Default Featu ...)
+ TODO: check
+CVE-2025-24639 (Insertion of Sensitive Information Into Sent Data vulnerability in GRE ...)
+ TODO: check
+CVE-2025-24631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24620 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24605 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-24576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24569 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-24559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24556 (Insertion of Sensitive Information into Log File vulnerability in Dual ...)
+ TODO: check
+CVE-2025-24545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-24536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23984 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23819 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ TODO: check
+CVE-2025-23799 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23685 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23590 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23582 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-23527 (Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows ...)
+ TODO: check
+CVE-2025-23491 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22978 (eladmin <=2.7 is vulnerable to CSV Injection in the exception log down ...)
+ TODO: check
+CVE-2025-22775 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22704 (Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri Word ...)
+ TODO: check
+CVE-2025-22703 (Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge ...)
+ TODO: check
+CVE-2025-22701 (Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler ...)
+ TODO: check
+CVE-2025-22695 (Authorization Bypass Through User-Controlled Key vulnerability in NirW ...)
+ TODO: check
+CVE-2025-22694 (Missing Authorization vulnerability in theDotstore Hide Shipping Metho ...)
+ TODO: check
+CVE-2025-22693 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22691 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ TODO: check
+CVE-2025-22690 (Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimb ...)
+ TODO: check
+CVE-2025-22688 (Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimi ...)
+ TODO: check
+CVE-2025-22686 (Missing Authorization vulnerability in GSheetConnector CF7 Google Shee ...)
+ TODO: check
+CVE-2025-22685 (Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to K ...)
+ TODO: check
+CVE-2025-22684 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22683 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22682 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22681 (Missing Authorization vulnerability in Xfinity Soft Content Cloner all ...)
+ TODO: check
+CVE-2025-22679 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22677 (Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows ...)
+ TODO: check
+CVE-2025-22292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-22260 (Missing Authorization vulnerability in Pixelite Meta Tag Manager. This ...)
+ TODO: check
+CVE-2025-20643 (In DA, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2025-20642 (In DA, there is a possible out of bounds write due to a missing bounds ...)
+ TODO: check
+CVE-2025-20641 (In DA, there is a possible out of bounds write due to a missing bounds ...)
+ TODO: check
+CVE-2025-20640 (In DA, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2025-20639 (In DA, there is a possible out of bounds write due to a missing bounds ...)
+ TODO: check
+CVE-2025-20638 (In DA, there is a possible read of uninitialized heap data due to unin ...)
+ TODO: check
+CVE-2025-20637 (In network HW, there is a possible system hang due to an uncaught exce ...)
+ TODO: check
+CVE-2025-20636 (In secmem, there is a possible out of bounds write due to a missing bo ...)
+ TODO: check
+CVE-2025-20635 (In V6 DA, there is a possible out of bounds write due to a missing bou ...)
+ TODO: check
+CVE-2025-20634 (In Modem, there is a possible out of bounds write due to a missing bou ...)
+ TODO: check
+CVE-2025-20633 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20632 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-20631 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
+ TODO: check
+CVE-2025-0974 (A vulnerability, which was classified as critical, has been found in M ...)
+ TODO: check
+CVE-2025-0973 (A vulnerability classified as critical was found in CmsEasy 7.7.7.9. T ...)
+ TODO: check
+CVE-2025-0972 (A vulnerability classified as problematic has been found in Zenvia Mov ...)
+ TODO: check
+CVE-2025-0971 (A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has be ...)
+ TODO: check
+CVE-2025-0970 (A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has be ...)
+ TODO: check
+CVE-2025-0015 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
+ TODO: check
+CVE-2024-6790 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
+ TODO: check
+CVE-2024-57968 (Advantive VeraCore before 2024.4.2.1 allows remote authenticated users ...)
+ TODO: check
+CVE-2024-57967 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...)
+ TODO: check
+CVE-2024-57966 (libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absol ...)
+ TODO: check
+CVE-2024-57669 (Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.3 ...)
+ TODO: check
+CVE-2024-57522 (SourceCodester Packers and Movers Management System v1.0 is vulnerable ...)
+ TODO: check
+CVE-2024-57498 (Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allow ...)
+ TODO: check
+CVE-2024-57452 (ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in co ...)
+ TODO: check
+CVE-2024-57450 (ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create templa ...)
+ TODO: check
+CVE-2024-57362
+ REJECTED
+CVE-2024-57238 (Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL In ...)
+ TODO: check
+CVE-2024-57237 (Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross ...)
+ TODO: check
+CVE-2024-57175 (A Stored Cross-Site Scripting (XSS) vulnerability was identified in th ...)
+ TODO: check
+CVE-2024-57099 (ClassCMS v4.8 has a code execution vulnerability. Attackers can exploi ...)
+ TODO: check
+CVE-2024-57098 (Moss v0.1.3 version has an SQL injection vulnerability that allows att ...)
+ TODO: check
+CVE-2024-57097 (ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admi ...)
+ TODO: check
+CVE-2024-57004 (Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 al ...)
+ TODO: check
+CVE-2024-56946 (Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 ...)
+ TODO: check
+CVE-2024-56921 (An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registrat ...)
+ TODO: check
+CVE-2024-56161 (Improper signature verification in AMD CPU ROM microcode patch loader ...)
+ TODO: check
+CVE-2024-55456 (lunasvg v3.0.1 was discovered to contain a segmentation violation via ...)
+ TODO: check
+CVE-2024-54840 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...)
+ TODO: check
+CVE-2024-53943 (An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The ...)
+ TODO: check
+CVE-2024-53942 (An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The ...)
+ TODO: check
+CVE-2024-50656 (itsourcecode Placement Management System 1.0 is vulnerable to Cross Si ...)
+ TODO: check
+CVE-2024-50500 (Missing Authorization vulnerability in By Averta Shortcodes and extra ...)
+ TODO: check
+CVE-2024-49843 (Memory corruption while processing IOCTL from user space to handle GPU ...)
+ TODO: check
+CVE-2024-49840 (Memory corruption while Invoking IOCTL calls from user-space to valida ...)
+ TODO: check
+CVE-2024-49839 (Memory corruption during management frame processing due to mismatch i ...)
+ TODO: check
+CVE-2024-49838 (Information disclosure while parsing the OCI IE with invalid length.)
+ TODO: check
+CVE-2024-49837 (Memory corruption while reading CPU state data during guest VM suspend ...)
+ TODO: check
+CVE-2024-49834 (Memory corruption while power-up or power-down sequence of the camera ...)
+ TODO: check
+CVE-2024-49833 (Memory corruption can occur in the camera when an invalid CID is used.)
+ TODO: check
+CVE-2024-49832 (Memory corruption in Camera due to unusually high number of nodes pass ...)
+ TODO: check
+CVE-2024-45584 (Memory corruption can occur when a compat IOCTL call is followed by a ...)
+ TODO: check
+CVE-2024-45582 (Memory corruption while validating number of devices in Camera kernel ...)
+ TODO: check
+CVE-2024-45573 (Memory corruption may occour while generating test pattern due to nega ...)
+ TODO: check
+CVE-2024-45571 (Memory corruption may occour occur when stopping the WLAN interface af ...)
+ TODO: check
+CVE-2024-45569 (Memory corruption while parsing the ML IE due to invalid frame content ...)
+ TODO: check
+CVE-2024-45561 (Memory corruption while handling IOCTL call from user-space to set la ...)
+ TODO: check
+CVE-2024-45560 (Memory corruption while taking a snapshot with hardware encoder due to ...)
+ TODO: check
+CVE-2024-43333 (Incorrect Privilege Assignment vulnerability in NotFound Admin and Sit ...)
+ TODO: check
+CVE-2024-38420 (Memory corruption while configuring a Hypervisor based input virtual d ...)
+ TODO: check
+CVE-2024-38418 (Memory corruption while parsing the memory map info in IOCTL calls.)
+ TODO: check
+CVE-2024-38417 (Information disclosure while processing IO control commands.)
+ TODO: check
+CVE-2024-38416 (Information disclosure during audio playback.)
+ TODO: check
+CVE-2024-38414 (Information disclosure while processing information on firmware image ...)
+ TODO: check
+CVE-2024-38413 (Memory corruption while processing frame packets.)
+ TODO: check
+CVE-2024-38412 (Memory corruption while invoking IOCTL calls from user-space to kernel ...)
+ TODO: check
+CVE-2024-38411 (Memory corruption while registering a buffer from user-space to kernel ...)
+ TODO: check
+CVE-2024-38404 (Transient DOS when registration accept OTA is received with incorrect ...)
+ TODO: check
+CVE-2024-36437 (The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) a ...)
+ TODO: check
+CVE-2024-20147 (In Bluetooth FW, there is a possible reachable assertion due to improp ...)
+ TODO: check
+CVE-2024-20142 (In V5 DA, there is a possible out of bounds write due to a missing bou ...)
+ TODO: check
+CVE-2024-20141 (In V5 DA, there is a possible out of bounds write due to a missing bou ...)
+ TODO: check
+CVE-2024-13347 (The Essential WP Real Estate WordPress plugin through 1.1.3 does not e ...)
+ TODO: check
+CVE-2024-12859 (The BoomBox Theme Extensions plugin for WordPress is vulnerable to Loc ...)
+ TODO: check
+CVE-2024-12511 (With address book access, SMB/FTP settings could be modified, redirect ...)
+ TODO: check
+CVE-2024-12510 (If LDAP settings are accessed, authentication could be redirected to a ...)
+ TODO: check
+CVE-2024-11134 (The Eventer plugin for WordPress is vulnerable to unauthorized access ...)
+ TODO: check
+CVE-2024-11133 (The Eventer plugin for WordPress is vulnerable to unauthorized access ...)
+ TODO: check
+CVE-2024-11132 (The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ TODO: check
+CVE-2024-10395 (No proper validation of the length of user input in http_server_get_co ...)
+ TODO: check
CVE-2025-0967 (A vulnerability was found in code-projects Chat System 1.0 and classif ...)
NOT-FOR-US: code-projects Chat System
CVE-2025-0961 (A vulnerability, which was classified as problematic, has been found i ...)
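Review bot: Every entry added at the top of data/CVE/list is left at "TODO: check" (CVE-2024-57362 is the one exception, marked REJECTED), so this hunk records the CVEs without saying whether any of them affects a Debian package. When triaging, start with the entries whose descriptions name standalone software rather than a WordPress plugin, for example nDPI (CVE-2025-25066), rust-openssl (CVE-2025-24898), KDE ark (CVE-2024-57966) and Roundcube Webmail (CVE-2024-57004), and resolve each to a package line or NOT-FOR-US. Separately, the truncated description for CVE-2025-24697 ends in a cut-off escape ("\u201 ..."); truncating after the escape sequence would keep the summary readable.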
@@ -2977,7 +3291,7 @@ CVE-2025-21504 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.41-1 (bug #1093877)
CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DLA-4037-1}
+ {DSA-5857-1 DLA-4037-1}
- openjdk-8 <unfixed> (bug #1093878)
- openjdk-11 11.0.26+4-1
- openjdk-17 17.0.14+7-1
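Review bot: On CVE-2025-21502 only the cross-reference line changes, to "{DSA-5857-1 DLA-4037-1}", while "- openjdk-8 <unfixed> (bug #1093878)" stays as it is and none of the visible package lines carries a release annotation. From the entry alone it is not possible to tell which openjdk source package the new DSA fixed, so check the DSA list entry against the openjdk-11 and openjdk-17 lines here.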
@@ -5152,7 +5466,7 @@ CVE-2024-10775 (The Piotnet Addons For Elementor plugin for WordPress is vulnera
CVE-2025-23061 (Mongoose before 8.9.5 can improperly use a nested $where filter with a ...)
NOT-FOR-US: Mongoose
CVE-2025-23013 (In Yubico pam-u2f before 1.3.1, local privilege escalation can sometim ...)
- {DSA-5853-1}
+ {DSA-5853-1 DLA-4040-1}
- pam-u2f 1.3.1-1
NOTE: Fixed by: https://github.com/Yubico/pam-u2f/commit/a96ef17f74b8e4ed80a97322120af1a228a1ffb7 (pam_u2f-1.3.1)
NOTE: Fixed by: https://github.com/Yubico/pam-u2f/commit/08199144d870a63275a4601dbc6751ac68d48301 (pam_u2f-1.3.1)
@@ -21342,7 +21656,7 @@ CVE-2024-52340 (Improper Neutralization of Input During Web Page Generation (XSS
CVE-2024-52339 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: WordPress plugin
CVE-2024-52304 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- {DSA-5828-1}
+ {DSA-5828-1 DLA-4041-1}
- python-aiohttp 3.10.11-1 (bug #1088109)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
NOTE: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71 (v3.10.11)
@@ -78400,7 +78714,7 @@ CVE-2024-4140 (An excessive memory use issue (CWE-770) exists in Email-MIME, bef
CVE-2024-4029 (A vulnerability was found in Wildfly\u2019s management interface. Due ...)
- wildfly <itp> (bug #752018)
CVE-2024-30251 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- {DSA-5828-1}
+ {DSA-5828-1 DLA-4041-1}
- python-aiohttp 3.9.5-1 (bug #1070364)
[buster] - python-aiohttp <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/05/02/4
@@ -81979,6 +82293,7 @@ CVE-2024-28185 (Judge0 is an open-source online code execution system. The appli
CVE-2024-28076 (The SolarWinds Platform was susceptible to a Arbitrary Open Redirectio ...)
NOT-FOR-US: SolarWinds
CVE-2024-27306 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DLA-4041-1}
- python-aiohttp 3.9.5-1 (bug #1070665)
[bookworm] - python-aiohttp <ignored> (Minor issue)
[buster] - python-aiohttp <postponed> (Minor issue)
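Review bot: CVE-2024-27306 now carries "{DLA-4041-1}" while "[bookworm] - python-aiohttp <ignored> (Minor issue)" is unchanged, so the LTS release has a fix for an issue the newer stable release is marked as ignoring. Worth revisiting the bookworm annotation, or adding a NOTE on why the two releases differ. The same pattern appears for CVE-2024-23829 in the next hunk.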
@@ -104734,6 +105049,7 @@ CVE-2023-6780 (An integer overflow was found in the __vsyslog_internal function
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2024-0003;hb=HEAD
NOTE: https://sourceware.org/cgit/glibc/tree/advisories/GLIBC-SA-2024-0003
CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DLA-4041-1}
- python-aiohttp 3.9.5-1 (bug #1062708)
[bookworm] - python-aiohttp <ignored> (Minor issue)
[buster] - python-aiohttp <no-dsa> (Minor issue)
@@ -104742,7 +105058,7 @@ CVE-2024-23829 (aiohttp is an asynchronous HTTP client/server framework for asyn
NOTE: https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827 (master)
NOTE: https://github.com/aio-libs/aiohttp/commit/d33bc21414e283c9e6fe7f6caf69e2ed60d66c82 (v3.9.2)
CVE-2024-23334 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- {DSA-5828-1}
+ {DSA-5828-1 DLA-4041-1}
- python-aiohttp 3.9.5-1 (bug #1062709)
[buster] - python-aiohttp <no-dsa> (Minor issue)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
@@ -116772,14 +117088,14 @@ CVE-2023-49094 (Symbolicator is a symbolication service for native stacktraces a
CVE-2023-49087 (xml-security is a library that implements XML signatures and encryptio ...)
NOT-FOR-US: xml-security (SimpleSAMLphp library for XML Security)
CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- {DSA-5828-1}
+ {DSA-5828-1 DLA-4041-1}
- python-aiohttp 3.9.1-1 (bug #1057164)
[buster] - python-aiohttp <postponed> (Minor issue, limited request smuggling)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
NOTE: https://github.com/aio-libs/aiohttp/commit/493f06797654c383242f0e8007f6e06b818a1fbc (master)
NOTE: https://github.com/aio-libs/aiohttp/commit/4075c653fb67a29740bf9ac050bb02d10a57343a (v3.9.0b1)
CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- {DSA-5828-1}
+ {DSA-5828-1 DLA-4041-1}
- python-aiohttp 3.9.1-1 (bug #1057163)
[buster] - python-aiohttp <postponed> (Minor issue, limited request smuggling)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
@@ -118797,6 +119113,7 @@ CVE-2023-48217 (Statamic is a flat-first, Laravel + Git powered CMS designed for
CVE-2023-47678 (An improper access control vulnerability exists in RT-AC87U all versio ...)
NOT-FOR-US: ASUSTeK
CVE-2023-47641 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ {DLA-4041-1}
- python-aiohttp 3.8.1-1
[buster] - python-aiohttp <no-dsa> (Minor issue)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
@@ -118808,7 +119125,7 @@ CVE-2023-47631 (vantage6 is a framework to manage and deploy privacy enhancing t
CVE-2023-47630 (Kyverno is a policy engine designed for Kubernetes. An issue was found ...)
NOT-FOR-US: Kyverno
CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
- {DSA-5828-1}
+ {DSA-5828-1 DLA-4041-1}
- python-aiohttp 3.8.6-1
[buster] - python-aiohttp <no-dsa> (Minor issue)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a61afb8efa867d5b4501cb1c92e435c8dc3d299e