Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c027d6c9 by security tracker role at 2024-11-17T20:12:09+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1272,7 +1272,8 @@ CVE-2024-28726 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink NOT-FOR-US: D-Link CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to Arbitrary C ...) TODO: check -CVE-2024-21540 (All versions of the package source-map-support are vulnerable to Direc ...) +CVE-2024-21540 + REJECTED TODO: check CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions improperly valida ...) - python3.12 <not-affected> (Fixed with first upload to Debian unstable) @@ -43794,6 +43795,7 @@ CVE-2024-35240 (Umbraco Commerce is an open source dotnet ecommerce solution. In CVE-2024-35239 (Umbraco Commerce is an open source dotnet web forms solution. In affec ...) NOT-FOR-US: Umbraco Commerce CVE-2024-35226 (Smarty is a template engine for PHP, facilitating the separation of pr ...) + {DLA-3956-1} - smarty3 3.1.48-2 (bug #1072530) - smarty4 4.5.4-1 (bug #1072529) NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w @@ -78321,7 +78323,7 @@ CVE-2023-52161 (The Access Point functionality in eapol_auth_key_handle in eapol - iwd 2.14-1 (bug #1064062) NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/ NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=6415420f1c92012f64063c131480ffcef58e60ca (2.14) -CVE-2024-0793 +CVE-2024-0793 (A flaw was found in kube-controller-manager. This issue occurs when th ...) NOT-FOR-US: kube-controller-manager CVE-2024-25580 (An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15. ...) [experimental] - qt6-base 6.6.2+dfsg-1 
@@ -79571,7 +79573,7 @@ CVE-2023-6681 (A vulnerability was found in JWCrypto. This flaw allows an attack [bullseye] - python-jwcrypto <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2260843 NOTE: https://github.com/latchset/jwcrypto/commit/d2655d370586cb830e49acfb450f87598da60be8 (v1.5.1) -CVE-2023-6110 [deleting a non existing access rule deletes another existing access rule in it's scope] +CVE-2023-6110 (A flaw was found in OpenStack. When a user tries to delete a non-exist ...) - python-openstackclient 6.3.0-2 [bookworm] - python-openstackclient <no-dsa> (Minor issue) [bullseye] - python-openstackclient <no-dsa> (Minor issue) @@ -80028,7 +80030,7 @@ CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 NOT-FOR-US: IBM CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and ...) NOT-FOR-US: Grav CMS -CVE-2023-4639 [Cookie Smuggling/Spoofing] +CVE-2023-4639 (A flaw was found in Undertow, which incorrectly parses cookies with ce ...) - undertow <unfixed> (bug #1063539) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022 CVE-2023-3966 (A flaw was found in Open vSwitch where multiple versions are vulnerabl ...) @@ -106338,7 +106340,7 @@ CVE-2023-38040 (A reflected XSS vulnerability exists in Revive Adserver 5.4.1 an NOT-FOR-US: Revive Adserver CVE-2023-3025 (The Dropbox Folder Share plugin for WordPress is vulnerable to Server- ...) NOT-FOR-US: Dropbox Folder Share plugin for WordPress -CVE-2023-43091 [Code injection via service.json file] +CVE-2023-43091 (A flaw was found in GNOME Maps, which is vulnerable to a code injectio ...) - gnome-maps 45~rc-1 [bookworm] - gnome-maps <ignored> (Minor issue, mostly hardening since service.json served from fixed/trusted source) [bullseye] - gnome-maps <not-affected> (Vulnerable code not present) 
@@ -132169,6 +132171,7 @@ CVE-2023-28449 CVE-2023-28448 (Versionize is a framework for version tolerant serializion/deserializa ...) NOT-FOR-US: Versionize (firecracker-microvm / framework for version tolerant serializion/deserialization of Rust data structures) CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions smarty did n ...) + {DLA-3956-1} - smarty3 3.1.48-1 (bug #1033964) [bookworm] - smarty3 <no-dsa> (Minor issue) [buster] - smarty3 <no-dsa> (Minor issue) @@ -132372,8 +132375,7 @@ CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an u NOT-FOR-US: WAB-MAT CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro W ...) NOT-FOR-US: WordPress plugin -CVE-2023-1419 - RESERVED +CVE-2023-1419 (A script injection vulnerability was found in the Debezium database co ...) NOT-FOR-US: Debezium CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System @@ -142554,8 +142556,7 @@ CVE-2023-6717 (A flaw was found in the SAML client registration in Keycloak that NOT-FOR-US: Keycloak CVE-2023-6544 (A flaw was found in the Keycloak package. This issue occurs due to a p ...) NOT-FOR-US: Keycloak -CVE-2023-0657 - RESERVED +CVE-2023-0657 (A flaw was found in Keycloak. This issue occurs due to improperly enfo ...) NOT-FOR-US: Keycloak CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows a re ...) NOT-FOR-US: SonicOS 
@@ -177389,7 +177390,7 @@ CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse ( CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...) NOT-FOR-US: VBASE CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...) - {DLA-3262-1} + {DLA-3956-1 DLA-3262-1} - smarty3 3.1.47-1 (bug #1019897) - smarty4 4.2.1-1 (bug #1019896) NOTE: https://github.com/smarty-php/smarty/issues/454 @@ -322124,8 +322125,7 @@ CVE-2020-25721 (Kerberos acceptors need easy access to stable AD identifiers (eg NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14557 NOTE: https://www.samba.org/samba/security/CVE-2020-25721.html -CVE-2020-25720 - RESERVED +CVE-2020-25720 (A vulnerability was found in Samba where a delegated administrator wit ...) - samba 2:4.17.8+dfsg-1 [bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1) [buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c027d6c99b28b6368ffb34d35ade2df9ffbe6e28
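Review bot: in the first hunk, the `TODO: check` line kept under CVE-2024-21540 is now stale: the entry was changed to `REJECTED`, so there is nothing left to triage and the line only keeps a rejected CVE in the check queue. Suggest dropping it so the entry reads just `CVE-2024-21540` followed by `REJECTED`; the `TODO: check` on the neighbouring CVE-2024-21541 (dom-iterator) is unaffected and still valid.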
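Review bot: in the CVE-2023-28447 hunk, `{DLA-3956-1}` is added while `[bookworm] - smarty3 <no-dsa> (Minor issue)` is left unchanged; since the same issue was now judged worth an LTS update, the bookworm no-dsa assessment is worth a second look (a point-release update or an updated rationale in the note). The DLA reference itself is applied consistently across the three Smarty entries: `{DLA-3956-1}` for CVE-2024-35226 and CVE-2023-28447, and merged as `{DLA-3956-1 DLA-3262-1}` for CVE-2018-25047.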
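Review bot: in the last hunk (CVE-2020-25720), the unchanged context line `[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)` has a doubled `DSA`; it should read `see DSA-5477-1`, matching the buster line `see DSA-5015-1` directly below. Not introduced by this update, but since the hunk touches this entry it is a cheap follow-up fix.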