diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 7c9a74fc21df..988f3adb3b3a 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,11592 +1,11626 @@
+ <vuln vid="0a82bc4d-a129-11ef-8351-589cfc0f81b0">
+ <topic>icinga2 -- TLS Certificate Validation Bypass</topic>
+ <affects>
+ <package>
+ <name>icinga2</name>
+ <range><lt>2.14.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Icinga project reports:</p>
+ <blockquote cite="https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c">
+ <p>Icinga is a monitoring system which checks the availability of
+ network resources, notifies users of outages, and generates performance
+ data for reporting. The TLS certificate validation in all Icinga
+ 2 versions starting from 2.4.0 was flawed, allowing an attacker to
+ impersonate both trusted cluster nodes as well as any API users
+ that use TLS client certificates for authentication (ApiUser objects
+ with the client_cn attribute set). This vulnerability has been
+ fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2024-49369</cvename>
+ <url>https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3/</url>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2024-49369</url>
+ </references>
+ <dates>
+ <discovery>2024-11-12</discovery>
+ <entry>2024-11-12</entry>
+ </dates>
+ </vuln>
+
<vuln vid="33236f80-a11d-11ef-a964-1c697a616631">
<topic>Intel CPUs -- multiple vulnerabilities</topic>
<affects>
<package>
<name>cpu-microcode-intel</name>
<range><lt>20241112</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Intel reports:</p>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01101.html">
<p>
A potential security vulnerability in some 4th and 5th Generation
Intel Xeon Processors may allow denial of service. Intel released
microcode updates to mitigate this potential vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01079.html">
<p>
Potential security vulnerabilities in some Intel Xeon processors using
Intel Software Guard Extensions (Intel SGX) may allow escalation of
privilege. Intel released firmware updates to mitigate these
potential vulnerabilities.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-21853</cvename>
<cvename>CVE-2024-23918</cvename>
<cvename>CVE-2024-21820</cvename>
<url>https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112</url>
</references>
<dates>
<discovery>2024-09-10</discovery>
<entry>2024-09-10</entry>
</dates>
</vuln>
<vuln vid="305ceb2c-9df8-11ef-a660-d85ed309193e">
<topic>x11vnc -- access to shared memory segments</topic>
<affects>
<package>
<name>x11vnc</name>
<range><lt>0.9.16_8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-29074">
<p>scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls,
which allows access by actors other than the current user.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2020-29074</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2020-29074</url>
</references>
<dates>
<discovery>2020-11-18</discovery>
<entry>2024-11-08</entry>
</dates>
</vuln>
<vuln vid="adffe51e-9df5-11ef-a660-d85ed309193e">
<topic>lrzsz -- Integer overflow in zmodem, crash and information leak</topic>
<affects>
<package>
<name>lrzsz</name>
<range><lt>0.12.20_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2018-10195">
<p>Lrzsz has an integer overflow vulernability in the
src/zm.c:zsdata() function. An attacker could exploit this with
the sz command to cause a crash or potentially leak information
to the receiving server.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2018-10195</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2018-10195</url>
</references>
<dates>
<discovery>2018-04-26</discovery>
<entry>2024-11-08</entry>
</dates>
</vuln>
<vuln vid="776aaafc-939f-11ef-87ad-a8a15998b5cb">
<topic>tnef -- An attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message</topic>
<affects>
<package>
<name>tnef</name>
<range><lt>1.4.18</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18">
<p>In tnef before 1.4.18, an attacker may be able to write to the
victim's .ssh/authorized_keys file via an e-mail message with
a crafted winmail.dat application/ms-tnef attachment, because of a
heap-based buffer over-read involving strdup.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2019-18849</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2019-18849</url>
</references>
<dates>
<discovery>2019-11-11</discovery>
<entry>2024-10-26</entry>
</dates>
</vuln>
<vuln vid="70cf37c8-939b-11ef-87ad-a8a15998b5cb">
<topic>tnef -- Invalid read and write operations, controlled by an attacker</topic>
<affects>
<package>
<name>tnef</name>
<range><le>1.4.12</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="http://www.debian.org/security/2017/dsa-3798">
<p>CVE-2017-6307: An issue was discovered in tnef before
1.4.13. Two OOB Writes have been identified in
src/mapi_attr.c:mapi_attr_read(). These might lead to
invalid read and write operations, controlled by an
attacker.</p>
</blockquote>
<blockquote cite="http://www.debian.org/security/2017/dsa-3798">
<p>CVE-2017-6308: An issue was discovered in tnef before
1.4.13. Several Integer Overflows, which can lead to Heap
Overflows, have been identified in the functions that wrap
memory allocation.</p>
</blockquote>
<blockquote cite="http://www.debian.org/security/2017/dsa-3798">
<p>CVE-2017-6309: An issue was discovered in tnef before
1.4.13. Two type confusions have been identified in the
parse_file() function. These might lead to invalid read and
write operations, controlled by an attacker.</p>
</blockquote>
<blockquote cite="http://www.debian.org/security/2017/dsa-3798">
<p>CVE-2017-6310: An issue was discovered in tnef before
1.4.13. Four type confusions have been identified in the
file_add_mapi_attrs() function. These might lead to invalid
read and write operations, controlled by an attacker.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2017-6307</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2017-6307</url>
<cvename>CVE-2017-6308</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2017-6308</url>
<cvename>CVE-2017-6309</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2017-6309</url>
<cvename>CVE-2017-6310</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2017-6310</url>
</references>
<dates>
<discovery>2017-02-24</discovery>
<entry>2024-10-26</entry>
</dates>
</vuln>
<vuln vid="96266fc9-1200-43b5-8393-4c51f54bb7bc">
<topic>electron32 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron32</name>
<range><lt>32.2.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v32.2.3">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-10230.</li>
<li>Security: backported fix for CVE-2024-10231.</li>
<li>Security: backported fix for CVE-2024-10229.</li>
<li>Security: backported fix for CVE-2024-10487.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-10230</cvename>
<url>https://github.com/advisories/GHSA-g4gj-m346-585c</url>
<cvename>CVE-2024-10231</cvename>
<url>https://github.com/advisories/GHSA-3wfx-mj93-vf8v</url>
<cvename>CVE-2024-10229</cvename>
<url>https://github.com/advisories/GHSA-3hjp-j522-245f</url>
<cvename>CVE-2024-10487</cvename>
<url>https://github.com/advisories/GHSA-h72p-7xmw-gpp8</url>
</references>
<dates>
<discovery>2024-11-08</discovery>
<entry>2024-11-08</entry>
</dates>
</vuln>
<vuln vid="d48a2224-9b4c-11ef-bdd9-4ccc6adda413">
<topic>gstreamer1-rtsp-server -- Potential Denial-of-Service (DoS) with specially crafted client requests</topic>
<affects>
<package>
<name>gstreamer1-rtsp-server</name>
<range><ge>1.18.0</ge><lt>1.24.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qingpeng Du reports:</p>
<blockquote cite="https://gstreamer.freedesktop.org/security/sa-2024-0004.html">
<p>A series of specially crafted client requests during streaming setup
(post client authentication, if any) can cause the RTSP server library
to abort, if it has been compiled with assertions enabled.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-44331</cvename>
<url>https://gstreamer.freedesktop.org/security/sa-2024-0004.html</url>
</references>
<dates>
<discovery>2024-10-29</discovery>
<entry>2024-11-07</entry>
</dates>
</vuln>
<vuln vid="ab254c9d-9c36-11ef-8c1c-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>130.0.6723.116</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>130.0.6723.116</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[370217726] High CVE-2024-10826: Use after free in Family Experiences. Reported by Anonymous on 2024-09-29</li>
<li>[375065084] High CVE-2024-10827: Use after free in Serial. Reported by Anonymous on 2024-10-23</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-10826</cvename>
<cvename>CVE-2024-10827</cvename>
<url>https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-11-05</discovery>
<entry>2024-11-06</entry>
</dates>
</vuln>
<vuln vid="ecf9a798-9aa9-11ef-a8f0-a8a15998b5cb">
<topic>libqb -- Buffer overflow</topic>
<affects>
<package>
<name>libqb</name>
<range><lt>2.0.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8">
<p>log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via
long log messages because the header size is not considered.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-39976</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-39976</url>
</references>
<dates>
<discovery>2023-08-08</discovery>
<entry>2024-11-04</entry>
</dates>
</vuln>
<vuln vid="e17384ef-c5e8-4b5d-bb62-c13405e7f1f7">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>130.0.6723.91</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>130.0.6723.91</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[375123371] Critical CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture (SEAR) on 2024-10-23</li>
<li>[374310077] High CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-10-18</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-10487</cvename>
<cvename>CVE-2024-10488</cvename>
<url>https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html</url>
</references>
<dates>
<discovery>2024-10-29</discovery>
<entry>2024-11-02</entry>
</dates>
</vuln>
<vuln vid="3092668e-97e4-11ef-bdd9-4ccc6adda413">
<topic>qt5-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt5-webengine</name>
<range><lt>5.15.18p2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based">
<p>Backports for 15 security bugs in Chromium:</p>
<ul>
<li>CVE-2024-4761: Out of bounds write in V8</li>
<li>CVE-2024-5158: Type confusion in V8</li>
<li>CVE-2024-7532: Out of bounds memory access in ANGLE</li>
<li>CVE-2024-7965: Inappropriate implementation in V8</li>
<li>CVE-2024-7967: Heap buffer overflow in Fonts</li>
<li>CVE-2024-7971: Type confusion in V8</li>
<li>CVE-2024-8198: Heap buffer overflow in Skia</li>
<li>CVE-2024-8636: Heap buffer overflow in Skia</li>
<li>CVE-2024-9123: Integer overflow in Skia</li>
<li>CVE-2024-9602: Type confusion in V8</li>
<li>CVE-2024-9603: Type confusion in V8</li>
<li>CVE-2024-10229: Inappropriate implementation in Extensions</li>
<li>CVE-2024-45490: Negative length in libexpat</li>
<li>CVE-2024-45491: Integer overflow in libexpat</li>
<li>CVE-2024-45492: Integer overflow in libexpat</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4761</cvename>
<cvename>CVE-2024-5158</cvename>
<cvename>CVE-2024-7532</cvename>
<cvename>CVE-2024-7965</cvename>
<cvename>CVE-2024-7967</cvename>
<cvename>CVE-2024-7971</cvename>
<cvename>CVE-2024-8198</cvename>
<cvename>CVE-2024-8636</cvename>
<cvename>CVE-2024-9123</cvename>
<cvename>CVE-2024-9602</cvename>
<cvename>CVE-2024-9603</cvename>
<cvename>CVE-2024-10229</cvename>
<cvename>CVE-2024-45490</cvename>
<cvename>CVE-2024-45491</cvename>
<cvename>CVE-2024-45492</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based</url>
</references>
<dates>
<discovery>2024-09-18</discovery>
<entry>2024-10-31</entry>
</dates>
</vuln>
<vuln vid="fd538d14-5778-4764-b321-2ddd61a8a58f">
<topic>keycloak -- Missing server identity checks when sending mails via SMTPS</topic>
<affects>
<package>
<name>keycloak</name>
<range><lt>26.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Red Hat reports:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=2315808">
<p>A vulnerability was found in Apache Sling Commons Messaging
Mail(angus-mail), which provides a simple interface for sending
emails via SMTPS in OSGi, does not offer an option to enable
server identity checks, leaving connections vulnerable to
"man-in-the-middle" attacks and can allow insecure email
communication.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-44549</cvename>
<url>https://www.cve.org/CVERecord?id=CVE-2021-44549</url>
</references>
<dates>
<discovery>2024-10-01</discovery>
<entry>2024-10-31</entry>
</dates>
</vuln>
<vuln vid="b73d1f2a-96de-11ef-9e71-00d8612f03c8">
<topic>librewolf -- Undefined behavior in selection node cache</topic>
<affects>
<package>
<name>librewolf</name>
<range><lt>131.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1920381">
<p>When manipulating the selection node cache, an attacker may have
been able to cause unexpected behavior, potentially leading to an
exploitable crash. This vulnerability affects Firefox < 131.0.3.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9936</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-9936</url>
</references>
<dates>
<discovery>2024-10-14</discovery>
<entry>2024-10-30</entry>
</dates>
</vuln>
<vuln vid="4b3a8e7d-9372-11ef-87ad-a8a15998b5cb">
<topic>hwloc2 -- Denial of service or other unspecified impacts</topic>
<affects>
<package>
<name>hwloc2</name>
<range><ge>2.1.0</ge><le>2.9.2</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://github.com/open-mpi/hwloc/issues/544">
<p>An issue was discovered in open-mpi hwloc 2.1.0 allows attackers
to cause a denial of service or other unspecified impacts via
glibc-cpuset in topology-linux.c.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-47022</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2022-47022</url>
</references>
<dates>
<discovery>2023-08-22</discovery>
<entry>2024-10-29</entry>
</dates>
</vuln>
<vuln vid="f07c8f87-8e65-11ef-81b8-659bf0027d16">
<topic>forgejo -- multiple vulnerabilities</topic>
<affects>
<package>
<name>forgejo</name>
<range><lt>9.0.1</lt></range>
</package>
<package>
<name>forgejo7</name>
<range><lt>7.0.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<ul>
<li>Forgejo generates a token which is used to authenticate web
endpoints that are only meant to be used internally, for instance
when the SSH daemon is used to push a commit with Git. The
verification of this token was not done in constant time and was
susceptible to timing attacks. A pre-condition for such an attack is
the precise measurements of the time for each operation. Since it
requires observing the timing of network operations, the issue is
mitigated when a Forgejo instance is accessed over the internet
because the ISP introduce unpredictable random delays.</li>
<li>Because of a missing permission check, the branch used to propose
a pull request to a repository can always be deleted by the user
performing the merge. It was fixed so that such a deletion is only
allowed if the user performing the merge has write permission to the
repository from which the pull request was made.</li>
</ul>
</body>
</description>
<references>
<url>https://codeberg.org/forgejo/forgejo/milestone/8544</url>
<url>https://codeberg.org/forgejo/forgejo/pulls/5719</url>
<url>https://codeberg.org/forgejo/forgejo/pulls/5718</url>
</references>
<dates>
<discovery>2024-10-28</discovery>
<entry>2024-10-29</entry>
</dates>
</vuln>
<vuln vid="fafaef4d-f364-4a07-bbdd-bf53448c593c">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>130.0.6723.69</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>130.0.6723.69</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[371011220] High CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2024-10-02</li>
<li>[371565065] High CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-05</li>
<li>[372269618] High CVE-2024-10231: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-09</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-10229</cvename>
<cvename>CVE-2024-10230</cvename>
<cvename>CVE-2024-10231</cvename>
<url>https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html</url>
</references>
<dates>
<discovery>2024-10-22</discovery>
<entry>2024-10-26</entry>
</dates>
</vuln>
<vuln vid="1e71e366-080b-4e8f-a9e6-150bf698186b">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>130.0.6723.58</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>130.0.6723.58</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html">
<p>This update includes 17 security fixes:</p>
<ul>
<li>[367755363] High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18</li>
<li>[370133761] Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29</li>
<li>[370482421] Medium CVE-2024-9956: Inappropriate implementation in Web Authentication. Reported by mastersplinter on 2024-09-30</li>
<li>[358151317] Medium CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-08</li>
<li>[40076120] Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture. Reported by Lyra Rebane (rebane2001) on 2023-11-02</li>
<li>[368672129] Medium CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S on 2024-09-21</li>
<li>[354748063] Medium CVE-2024-9960: Use after free in Dawn. Reported by Anonymous on 2024-07-23</li>
<li>[357776197] Medium CVE-2024-9961: Use after free in Parcel Tracking. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-06</li>
<li>[364508693] Medium CVE-2024-9962: Inappropriate implementation in Permissions. Reported by Shaheen Fazim on 2024-09-04</li>
<li>[328278718] Medium CVE-2024-9963: Insufficient data validation in Downloads. Reported by Anonymous on 2024-03-06</li>
<li>[361711121] Low CVE-2024-9964: Inappropriate implementation in Payments. Reported by Hafiizh on 2024-08-23</li>
<li>[352651673] Low CVE-2024-9965: Insufficient data validation in DevTools. Reported by Shaheen Fazim on 2024-07-12</li>
<li>[364773822] Low CVE-2024-9966: Inappropriate implementation in Navigations. Reported by Harry Chen on 2024-09-05</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9954</cvename>
<cvename>CVE-2024-9955</cvename>
<cvename>CVE-2024-9956</cvename>
<cvename>CVE-2024-9957</cvename>
<cvename>CVE-2024-9958</cvename>
<cvename>CVE-2024-9959</cvename>
<cvename>CVE-2024-9960</cvename>
<cvename>CVE-2024-9961</cvename>
<cvename>CVE-2024-9962</cvename>
<cvename>CVE-2024-9963</cvename>
<cvename>CVE-2024-9964</cvename>
<cvename>CVE-2024-9965</cvename>
<cvename>CVE-2024-9966</cvename>
<url>https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html</url>
</references>
<dates>
<discovery>2024-10-15</discovery>
<entry>2024-10-26</entry>
</dates>
</vuln>
<vuln vid="fcb0e00f-d7d3-49b6-a4a1-852528230912">
<topic>electron31 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron31</name>
<range><lt>31.7.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v31.7.2">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-9121.</li>
<li>Security: backported fix for CVE-2024-9122.</li>
<li>Security: backported fix for CVE-2024-7025.</li>
<li>Security: backported fix for CVE-2024-9369.</li>
<li>Security: backported fix for CVE-2024-7965.</li>
<li>Security: backported fix for CVE-2024-7966.</li>
<li>Security: backported fix for CVE-2024-7967.</li>
<li>Security: backported fix for CVE-2024-8198.</li>
<li>Security: backported fix for CVE-2024-8193.</li>
<li>Security: backported fix for CVE-2024-7969.</li>
<li>Security: backported fix for CVE-2024-7970.</li>
<li>Security: backported fix for CVE-2024-8362.</li>
<li>Security: backported fix for CVE-2024-8636.</li>
<li>Security: backported fix for CVE-2024-9123.</li>
<li>Security: backported fix for CVE-2024-9120.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9121</cvename>
<url>https://github.com/advisories/GHSA-qcr8-x9j3-5j62</url>
<cvename>CVE-2024-9122</cvename>
<url>https://github.com/advisories/GHSA-4fw3-822r-pqw6</url>
<cvename>CVE-2024-7025</cvename>
<cvename>CVE-2024-9369</cvename>
<cvename>CVE-2024-7965</cvename>
<url>https://github.com/advisories/GHSA-x38q-hvmx-rwhg</url>
<cvename>CVE-2024-7966</cvename>
<url>https://github.com/advisories/GHSA-4pj3-wmgx-2h8r</url>
<cvename>CVE-2024-7967</cvename>
<url>https://github.com/advisories/GHSA-57cq-jgq2-x7vg</url>
<cvename>CVE-2024-8198</cvename>
<url>https://github.com/advisories/GHSA-76vg-grjj-w595</url>
<cvename>CVE-2024-8193</cvename>
<url>https://github.com/advisories/GHSA-5q6v-fp9h-6rjg</url>
<cvename>CVE-2024-7969</cvename>
<url>https://github.com/advisories/GHSA-p8h7-64p8-w5pq</url>
<cvename>CVE-2024-7970</cvename>
<url>https://github.com/advisories/GHSA-4c4w-77f9-v9mq</url>
<cvename>CVE-2024-8362</cvename>
<url>https://github.com/advisories/GHSA-rw7g-4966-p363</url>
<cvename>CVE-2024-8636</cvename>
<url>https://github.com/advisories/GHSA-r6cg-gw4p-5gmj</url>
<cvename>CVE-2024-9123</cvename>
<url>https://github.com/advisories/GHSA-xwv3-34j2-7jgx</url>
<cvename>CVE-2024-9120</cvename>
<url>https://github.com/advisories/GHSA-xh87-v57g-jhpw</url>
</references>
<dates>
<discovery>2024-10-24</discovery>
<entry>2024-10-24</entry>
</dates>
</vuln>
<vuln vid="78e6c113-91c1-11ef-a904-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.5.0</ge><lt>17.5.1</lt></range>
<range><ge>17.4.0</ge><lt>17.4.3</lt></range>
<range><ge>11.2.0</ge><lt>17.3.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/10/23/patch-release-gitlab-17-5-1-released/">
<p>HTML injection in Global Search may lead to XSS</p>
<p>DoS via XML manifest file import</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-8312</cvename>
<cvename>CVE-2024-6826</cvename>
<url>https://about.gitlab.com/releases/2024/10/23/patch-release-gitlab-17-5-1-released/</url>
</references>
<dates>
<discovery>2024-10-23</discovery>
<entry>2024-10-24</entry>
</dates>
</vuln>
<vuln vid="cc068959-ce2b-42eb-81ed-055551fe0e51">
<topic>electron32 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron32</name>
<range><lt>32.2.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v32.2.2">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-7966.</li>
<li>Security: backported fix for CVE-2024-9370.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7966</cvename>
<url>https://github.com/advisories/GHSA-4pj3-wmgx-2h8r</url>
<cvename>CVE-2024-9370</cvename>
</references>
<dates>
<discovery>2024-10-23</discovery>
<entry>2024-10-23</entry>
</dates>
</vuln>
<vuln vid="dbe8c5bd-8d3f-11ef-8d2e-a04a5edf46d9">
<topic>oauth2-proxy -- multiple vulnerabilities</topic>
<affects>
<package>
<name>oauth2-proxy</name>
<range><lt>7.7.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The oauth2-proxy project reports:</p>
<blockquote cite="https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.0">
<p>Vulnerabilities have been addressed:</p>
<ul>
<li>CVE-2024-24786</li>
<li>CVE-2024-24791</li>
<li>CVE-2024-24790</li>
<li>CVE-2024-24784</li>
<li>CVE-2024-28180</li>
<li>CVE-2023-45288</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24786</cvename>
<cvename>CVE-2024-24791</cvename>
<cvename>CVE-2024-24790</cvename>
<cvename>CVE-2024-24784</cvename>
<cvename>CVE-2024-28180</cvename>
<cvename>CVE-2024-45288</cvename>
<url>https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.7.0</url>
</references>
<dates>
<discovery>2024-10-02</discovery>
<entry>2024-10-18</entry>
</dates>
</vuln>
<vuln vid="c6f4177c-8e29-11ef-98e7-84a93843eb75">
<topic>OpenSSL -- OOB memory access vulnerability</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>3.0.15_1,1</lt></range>
</package>
<package>
<name>openssl31</name>
<range><lt>3.1.7_1</lt></range>
</package>
<package>
<name>openssl32</name>
<range><lt>3.2.3_1</lt></range>
</package>
<package>
<name>openssl33</name>
<range><lt>3.3.2_1</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.15_1,1</lt></range>
</package>
<package>
<name>openssl31-quictls</name>
<range><lt>3.1.7_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://openssl-library.org/news/secadv/20241016.txt">
<p>Low-level invalid GF(2^m) parameters lead to OOB memory access
(CVE-2024-9143) (Low)</p>
<p> Use of the low-level GF(2^m) elliptic curve APIs with untrusted
explicit values for the field polynomial can lead to out-of-bounds
memory reads or writes.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9143</cvename>
<url>https://openssl-library.org/news/secadv/20241016.txt</url>
</references>
<dates>
<discovery>2024-10-16</discovery>
<entry>2024-10-19</entry>
</dates>
</vuln>
<vuln vid="815bf172-ab9e-4c4b-9662-d18b0054330d">
<topic>electron{31,32} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron31</name>
<range><lt>31.7.1</lt></range>
</package>
<package>
<name>electron32</name>
<range><lt>32.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v31.7.1">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-9602.</li>
<li>Security: backported fix for CVE-2024-9603.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9602</cvename>
<url>https://github.com/advisories/GHSA-4v8q-vp3v-vvxh</url>
<cvename>CVE-2024-9603</cvename>
<url>https://github.com/advisories/GHSA-92m3-m5pw-p2x9</url>
</references>
<dates>
<discovery>2024-10-16</discovery>
<entry>2024-10-18</entry>
</dates>
</vuln>
<vuln vid="851ce3e4-8b03-11ef-84e9-901b0e9408dc">
<topic>element-web -- Potential exposure of access token via authenticated media</topic>
<affects>
<package>
<name>element-web</name>
<range><ge>1.11.70</ge><lt>1.11.81</lt>
</range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Element team reports:</p>
<blockquote cite="https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x">
<p>Element Web versions 1.11.70 through 1.11.80 contain a
vulnerability which can, under specially crafted conditions,
lead to the access token becoming exposed to third
parties. At least one vector has been identified internally,
involving malicious widgets, but other vectors may
exist. Users are strongly advised to upgrade to version
1.11.81 to remediate the issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-47779</cvename>
<url>https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x</url>
</references>
<dates>
<discovery>2024-10-15</discovery>
<entry>2024-10-15</entry>
</dates>
</vuln>
<vuln vid="64e299b6-d12b-4a7a-a94f-ab133703925a">
<topic>vscode -- Visual Studio Code for Linux Remote Code Execution Vulnerability</topic>
<affects>
<package>
<name>vscode</name>
<range><lt>1.94.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>VSCode developers report:</p>
<blockquote cite="https://github.com/microsoft/vscode/security/advisories/GHSA-g56j-w527-8x6f">
<p>Visual Studio Code for Linux Remote Code Execution Vulnerability</p>
<p>A remote code execution vulnerability exists in VS Code 1.94.0 and earlier versions in the elevated save flow.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-43601</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-43601</url>
<url>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43601</url>
</references>
<dates>
<discovery>2024-10-08</discovery>
<entry>2024-10-11</entry>
</dates>
</vuln>
<vuln vid="2fb13238-872d-11ef-bd1e-b42e991fc52e">
<topic>firefox -- use-after-free code execution</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>131.0.2,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.3.1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1923344">
<p>An attacker was able to achieve code execution in the
content process by exploiting a use-after-free in Animation
timelines. We have had reports of this vulnerability being
exploited in the wild.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9680</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-9680</url>
</references>
<dates>
<discovery>2024-10-09</discovery>
<entry>2024-10-10</entry>
</dates>
</vuln>
<vuln vid="cc1ac01e-86b0-11ef-9369-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.4.0</ge><lt>17.4.2</lt></range>
<range><ge>17.3.0</ge><lt>17.3.5</lt></range>
<range><ge>8.16</ge><lt>17.2.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/">
<p>Run pipelines on arbitrary branches</p>
<p>An attacker can impersonate arbitrary user</p>
<p>SSRF in Analytics Dashboard</p>
<p>Viewing diffs of MR with conflicts can be slow</p>
<p>HTMLi in OAuth page</p>
<p>Deploy Keys can push changes to an archived repository</p>
<p>Guests can disclose project templates</p>
<p>GitLab instance version disclosed to unauthorized users</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9164</cvename>
<cvename>CVE-2024-8970</cvename>
<cvename>CVE-2024-8977</cvename>
<cvename>CVE-2024-9631</cvename>
<cvename>CVE-2024-6530</cvename>
<cvename>CVE-2024-9623</cvename>
<cvename>CVE-2024-5005</cvename>
<cvename>CVE-2024-9596</cvename>
<url>https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/</url>
</references>
<dates>
<discovery>2024-10-09</discovery>
<entry>2024-10-10</entry>
</dates>
</vuln>
<vuln vid="79b1f4ee-860a-11ef-b2dc-cbccbf25b7ea">
<topic>gitea -- token missing access control for packages</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.22.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<ul>
<li>Fix bug when a token is given public only</li>
</ul>
</body>
</description>
<references>
<url>https://github.com/go-gitea/gitea/pull/32204</url>
</references>
<dates>
<discovery>2024-10-06</discovery>
<entry>2024-10-09</entry>
</dates>
</vuln>
<vuln vid="8727b513-855b-11ef-9e50-6805ca2fa271">
<topic>powerdns-recursor -- denial of service</topic>
<affects>
<package>
<name>powerdns-recursor</name>
<range><lt>5.1.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PowerDNS Team reports:</p>
<blockquote cite="https://blog.powerdns.com/2024/10/03/powerdns-recursor-4-9-9-5-0-9-5-1-2-released">
<p>PowerDNS Security Advisory 2024-04: Crafted responses can lead to
a denial of service due to cache inefficiencies in the Recursor</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-25590</cvename>
<url>https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html</url>
</references>
<dates>
<discovery>2024-10-03</discovery>
<entry>2024-10-09</entry>
</dates>
</vuln>
<vuln vid="7217f6e8-3ff4-4387-845d-d1744bb7f95e">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>129.0.6668.100</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>129.0.6668.100</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[368241697] High CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-09-20</li>
<li>[367818758] High CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs on 2024-09-18</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9602</cvename>
<cvename>CVE-2024-9603</cvename>
<url>https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html</url>
</references>
<dates>
<discovery>2024-10-08</discovery>
<entry>2024-10-09</entry>
</dates>
</vuln>
<vuln vid="83117378-f773-4617-bf74-477d569dcd74">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>129.0.6668.89</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>129.0.6668.89</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[367764861] High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18</li>
<li>[368208152] High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on 2024-09-19</li>
<li>[368311899] High CVE-2024-9370: Inappropriate implementation in V8. Reported by Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, and Wu JinLin of STAR Labs SG Pte. Ltd. on 2024-09-19</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7025</cvename>
<cvename>CVE-2024-9369</cvename>
<cvename>CVE-2024-9370</cvename>
<url>https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-10-01</discovery>
<entry>2024-10-09</entry>
</dates>
</vuln>
<vuln vid="2368755b-83f6-11ef-8d2e-a04a5edf46d9">
<topic>Unbound -- Denial of service attack</topic>
<affects>
<package>
<name>unbound</name>
<range><lt>1.21.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NLnet labs report:</p>
<blockquote cite="https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/">
<p>A vulnerability has been discovered in Unbound when handling
replies with very large RRsets that Unbound needs to perform name
compression for.</p>
<p>Malicious upstreams responses with very large RRsets can cause
Unbound to spend a considerable time applying name compression to
downstream replies. This can lead to degraded performance and
eventually denial of service in well orchestrated attacks.</p>
<p>Unbound version 1.21.1 introduces a hard limit on the number of
name compression calculations it is willing to do per packet.
Packets that need more compression will result in semi-compressed
packets or truncated packets, even on TCP for huge messages, to
avoid locking the CPU for long.</p>
<p>This change should not affect normal DNS traffic.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-8508</cvename>
<url>https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/</url>
</references>
<dates>
<discovery>2024-10-03</discovery>
<entry>2024-10-06</entry>
</dates>
</vuln>
<vuln vid="fe7031d3-3000-4b43-9fa6-52c2b624b8f9">
<topic>zeek -- potential DoS vulnerability</topic>
<affects>
<package>
<name>zeek</name>
<range><lt>7.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tim Wojtulewicz of Corelight reports:</p>
<blockquote cite="https://github.com/zeek/zeek/releases/tag/v7.0.3">
<p> Adding to the POP3 hardening in 7.0.2, the parser now
simply discards too many pending commands, rather than
any attempting to process them. Further, invalid server
responses do not result in command completion anymore.
Processing out-of-order commands or finishing commands
based on invalid server responses could result in
inconsistent analyzer state, potentially triggering null
pointer references for crafted traffic. </p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/zeek/zeek/releases/tag/v7.0.3</url>
</references>
<dates>
<discovery>2024-10-05</discovery>
<entry>2024-10-05</entry>
</dates>
</vuln>
<vuln vid="0417d41a-8175-11ef-a5dc-b42e991fc52e">
<topic>firefox -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>131.0,2</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>128.3.0,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>128.3.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1872744%2C1897792%2C1911317%2C1913445%2C1914106%2C1914475%2C1914963%2C1915008%2C1916476">
<ul>
<li>CVE-2024-9392: A compromised content process could have
allowed for the arbitrary loading of cross-origin pages.</li>
<li>CVE-2024-9396: It is currently unknown if this issue is
exploitable but a condition may arise where the structured
clone of certain objects could lead to memory corruption.</li>
<li>CVE-2024-9400: A potential memory corruption vulnerability
could be triggered if an attacker had the ability to trigger
an OOM at a specific moment during JIT compilation.</li>
<li>CVE-2024-9401: Memory safety bugs present in Firefox 130,
Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2.
Some of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been
exploited to run arbitrary code.</li>
<li>CVE-2024-9402: Memory safety bugs present in Firefox 130,
Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs
showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run
arbitrary code.</li>
<li>CVE-2024-9403: Memory safety bugs present in Firefox 130.
Some of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been
exploited to run arbitrary code.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9392</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-9392</url>
<cvename>CVE-2024-9396</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-9396</url>
<cvename>CVE-2024-9400</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-9400</url>
<cvename>CVE-2024-9401</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-9401</url>
<cvename>CVE-2024-9402</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-9402</url>
<cvename>CVE-2024-9403</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-9403</url>
</references>
<dates>
<discovery>2024-10-01</discovery>
<entry>2024-10-03</entry>
</dates>
</vuln>
<vuln vid="3c6f8270-3210-4e2f-ba72-a9cdca7417a0">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.479</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.462.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2024-10-02/">
<h1>Description</h1>
<h5>(Medium) SECURITY-3451 / CVE-2024-47803</h5>
<p>Exposure of multi-line secrets through error messages in Jenkins</p>
<h1>Description</h1>
<h5>(Medium) SECURITY-3448 / CVE-2024-47804</h5>
<p>Item creation restriction bypass vulnerability in Jenkins</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-47803</cvename>
<cvename>CVE-2024-47804</cvename>
<url>https://www.jenkins.io/security/advisory/2024-10-02/</url>
</references>
<dates>
<discovery>2024-10-02</discovery>
<entry>2024-10-03</entry>
</dates>
</vuln>
<vuln vid="8b20f21a-8113-11ef-b988-08002784c58d">
<topic>redis,valkey -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>redis</name>
<range><ge>7.4.0</ge><lt>7.4.1</lt></range>
<range><ge>7.2.0</ge><lt>7.2.6</lt></range>
</package>
<package>
<name>redis72</name>
<range><ge>7.2.0</ge><lt>7.2.6</lt></range>
</package>
<package>
<name>redis62</name>
<range><ge>6.2.0</ge><lt>6.2.16</lt></range>
</package>
<package>
<name>valkey</name>
<range><ge>8,0,0</ge><lt>8.0.1</lt></range>
<range><ge>7.2.0</ge><lt>7.2.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Redis core team reports:</p>
<blockquote cite="https://github.com/redis/redis/releases/tag/7.4.1">
<dl>
<dt>CVE-2024-31449</dt>
<dd>Lua library commands may lead to stack overflow and potential RCE.</dd>
<dt>CVE-2024-31227</dt>
<dd>Potential Denial-of-service due to malformed ACL selectors.</dd>
<dt>CVE-2024-31228</dt>
<dd>Potential Denial-of-service due to unbounded pattern matching.</dd>
</dl>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-31449</cvename>
<cvename>CVE-2024-31227</cvename>
<cvename>CVE-2024-31228</cvename>
<url>https://github.com/redis/redis/releases/tag/7.4.1</url>
</references>
<dates>
<discovery>2024-10-02</discovery>
<entry>2024-10-02</entry>
</dates>
</vuln>
<vuln vid="fe5c1e7a-7eed-11ef-9533-f875a43e1796">
<topic>php -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>php81</name>
<range><lt>8.1.30</lt></range>
</package>
<package>
<name>php82</name>
<range><lt>8.2.24</lt></range>
</package>
<package>
<name>php83</name>
<range><lt>8.3.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>php.net reports:</p>
<blockquote cite="https://www.php.net/ChangeLog-8.php">
<ul>
<li>CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 (Bypass of CVE-2024-4577, Parameter Injection Vulnerability).</li>
<li>CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision).</li>
<li>CVE-2024-9026: FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).</li>
<li>CVE-2024-8925: SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-8926</cvename>
<cvename>CVE-2024-8927</cvename>
<cvename>CVE-2024-9026</cvename>
<cvename>CVE-2024-8925</cvename>
<url>https://www.php.net/ChangeLog-8.php</url>
</references>
<dates>
<discovery>2024-09-26</discovery>
<entry>2024-09-30</entry>
</dates>
</vuln>
<vuln vid="f9cfdb00-7f43-11ef-9b27-592d55dd336d">
<topic>Slixmpp -- Lack of SSL Certificate hostname validation in XMLStream</topic>
<affects>
<package>
<name>py38-slixmpp</name>
<name>py39-slixmpp</name>
<name>py310-slixmpp</name>
<name>py311-slixmpp</name>
<range><lt>1.8.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NIST reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-45197">
<p>Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream,
allowing an attacker to pose as any server in the eyes of Slixmpp.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-45197</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2022-45197</url>
</references>
<dates>
<discovery>2022-12-25</discovery>
<entry>2024-09-30</entry>
</dates>
</vuln>
<vuln vid="2f82696c-adad-447b-9938-c99441805fa3">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>129.0.6668.70</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>129.0.6668.70</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html">
<p>This update includes 5 security fixes:</p>
<ul>
<li>[365254285] High CVE-2024-9120: Use after free in Dawn. Reported by Anonymous on 2024-09-08</li>
<li>[363538434] High CVE-2024-9121: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-09-01</li>
<li>[365802567] High CVE-2024-9122: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-09-10</li>
<li>[365884464] High CVE-2024-9123: Integer overflow in Skia. Reported by raven at KunLun lab on 2024-09-11</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-9120</cvename>
<cvename>CVE-2024-9121</cvename>
<cvename>CVE-2024-9122</cvename>
<cvename>CVE-2024-9123</cvename>
<url>https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html</url>
</references>
<dates>
<discovery>2024-09-24</discovery>
<entry>2024-09-30</entry>
</dates>
</vuln>
<vuln vid="42ec2207-7e85-11ef-89a4-b42e991fc52e">
<topic>sqlite -- use-after-free bug in jsonparseaddnodearray</topic>
<affects>
<package>
<name>sqlite3</name>
<range><lt>3.43.2,1</lt></range>
</package>
<package>
<name>linux-rl9-sqlite</name>
<range><lt>3.43.2</lt></range>
</package>
<package>
<name>linux-c7-sqlite</name>
<range><lt>3.43.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>secalert@redhat.com reports:</p>
<blockquote cite="https://access.redhat.com/security/cve/CVE-2024-0232">
<p>A heap use-after-free issue has been identified in SQLite in the
jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a
local attacker to leverage a victim to pass specially crafted
malicious input to the application, potentially causing a crash and
leading to a denial of service.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0232</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-0232</url>
</references>
<dates>
<discovery>2024-01-16</discovery>
<entry>2024-09-29</entry>
</dates>
</vuln>
<vuln vid="24375796-7cbc-11ef-a3a9-001cc0382b2f">
<topic>cups-filters -- remote code execution</topic>
<affects>
<package>
<name>cups-filters</name>
<range><lt>1.28.17_6</lt></range>
</package>
<package>
<name>cups</name>
<range><lt>2.4.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenPrinting reports:</p>
<blockquote cite="https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8">
<p>Due to the service binding to *:631 ( INADDR_ANY ), multiple bugs
in cups-browsed can be exploited in sequence to introduce a
malicious printer to the system. This chain of exploits ultimately
enables an attacker to execute arbitrary commands remotely on the
target machine without authentication when a print job is started.
Posing a significant security risk over the network. Notably, this
vulnerability is particularly concerning as it can be exploited
from the public internet, potentially exposing a vast number of
systems to remote attacks if their CUPS services are enabled.</p>
</blockquote>
<p>The vulnerability allows an attacker on the internet to create a
new printer device with arbitrary commands in the PPD file of the
printer. Attacks using mDNS on the local network can also replace an
existing printer. The commands are executed when a user attempts to
print on the malicious device. They run with the privileges of the
user "cups".</p>
<p>It is recommended to disable the cups_browsed service until patches
become available. On FreeBSD this is the default. You can check the
status and disable the service with the following commands:</p>
<p><code># service cups_browsed status<br />
# service cups_browsed stop<br />
# service cups_browsed disable</code></p>
<p>If you choose to leave the service enabled, attacks from the
internet can be blocked by removing the "cups" protocol from the
BrowseRemoteProtocols and BrowseProtocols directives in
/usr/local/etc/cups/cups-browsed.conf. Attacks using mDNS can be
blocked by removing the "dnssd" protocol as well. Access can be
limited to specific IP addresses using BrowseAllow, BrowseDeny, and
BrowseOrder directives as documented in cups-browsed.conf(5). Then
restart the service with the following command:</p>
<p><code># service cups_browsed restart</code></p>
</body>
</description>
<references>
<cvename>CVE-2024-47076</cvename>
<cvename>CVE-2024-47175</cvename>
<cvename>CVE-2024-47176</cvename>
<url>https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8</url>
</references>
<dates>
<discovery>2024-09-26</discovery>
<entry>2024-09-27</entry>
<modified>2024-10-02</modified>
</dates>
</vuln>
<vuln vid="ca5f3bbc-7a62-11ef-9533-f875a43e1796">
<topic>expat -- multiple vulnerabilities</topic>
<affects>
<package>
<name>expat</name>
<range><lt>2.6.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>libexpat reports:</p>
<blockquote cite="https://github.com/libexpat/libexpat/blob/master/expat/Changes">
<ul>
<li>CVE-2024-45490: Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.</li>
<li>CVE-2024-45491: Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.</li>
<li>CVE-2024-45492: Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-45490</cvename>
<cvename>CVE-2024-45491</cvename>
<cvename>CVE-2024-45492</cvename>
<url>https://github.com/libexpat/libexpat/blob/master/expat/Changes</url>
</references>
<dates>
<discovery>2024-09-24</discovery>
<entry>2024-09-24</entry>
</dates>
</vuln>
<vuln vid="4b7ed61f-7bbf-11ef-9369-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.4.0</ge><lt>17.4.1</lt></range>
<range><ge>17.3.0</ge><lt>17.3.4</lt></range>
<range><ge>15.6.0</ge><lt>17.2.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/09/25/patch-release-gitlab-17-4-1-released/">
<p>Maintainer can leak Dependency Proxy password by changing Dependency Proxy URL via crafted POST request</p>
<p>AI feature reads unsanitized content, allowing for attacker to hide prompt injection</p>
<p>Project reference can be exposed in system notes</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4278</cvename>
<cvename>CVE-2024-4099</cvename>
<cvename>CVE-2024-8974</cvename>
<url>https://about.gitlab.com/releases/2024/09/25/patch-release-gitlab-17-4-1-released/</url>
</references>
<dates>
<discovery>2024-09-25</discovery>
<entry>2024-09-26</entry>
</dates>
</vuln>
<vuln vid="802961eb-7a89-11ef-bdd7-a0423f48a938">
<topic>frr - BGP</topic>
<affects>
<package>
<name>frr9</name>
<range><lt>9.1.2</lt></range>
</package>
<package>
<name>frr8</name>
<range><lt>8.5.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://github.com/FRRouting/frr/pull/16497">
<p>An issue was discovered in FRRouting (FRR). bgp_attr_encap
in bgpd/bgp_attr.c does not check the actual remaining stream length
before taking the TLV value.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-44070</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-44070</url>
</references>
<dates>
<discovery>2024-08-19</discovery>
<entry>2024-09-24</entry>
</dates>
</vuln>
<vuln vid="d47b7ae7-fe1d-4f7f-919a-480ca8035f00">
<topic>zeek -- potential DoS vulnerability</topic>
<affects>
<package>
<name>zeek</name>
<range><lt>7.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tim Wojtulewicz of Corelight reports:</p>
<blockquote cite="https://github.com/zeek/zeek/releases/tag/v7.0.2">
<p> The POP3 parser has been hardened to avoid unbounded
state growth in the face of one-sided traffic capture or
when enabled for non-POP3 traffic. </p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/zeek/zeek/releases/tag/v7.0.2</url>
</references>
<dates>
<discovery>2024-09-24</discovery>
<entry>2024-09-24</entry>
</dates>
</vuln>
<vuln vid="c02b8db5-771b-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- NFS client accepts file names containing path separators</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>14.1</ge><lt>14.1_3</lt></range>
<range><ge>14.0</ge><lt>14.0_9</lt></range>
<range><ge>13.3</ge><lt>13.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>When mounting a remote filesystem using NFS, the kernel did not
sanitize remotely provided filenames for the path separator character,
"/". This allows readdir(3) and related functions to return
filesystem entries with names containing additional path components.</p>
<h1>Impact:</h1>
<p>The lack of validation described above gives rise to a confused
deputy problem. For example, a program copying files from an NFS
mount could be tricked into copying from outside the intended source
directory, and/or to a location outside the intended destination
directory.</p>
</body>
</description>
<references>
<cvename>CVE-2024-6759</cvename>
<freebsdsa>SA-24:07.nfsclient</freebsdsa>
</references>
<dates>
<discovery>2024-08-07</discovery>
<entry>2024-09-20</entry>
</dates>
</vuln>
<vuln vid="8fb61d94-771b-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- ktrace(2) fails to detach when executing a setuid binary</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>14.1</ge><lt>14.1_3</lt></range>
<range><ge>14.0</ge><lt>14.0_9</lt></range>
<range><ge>13.3</ge><lt>13.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>A logic bug in the code which disables kernel tracing for setuid
programs meant that tracing was not disabled when it should have,
allowing unprivileged users to trace and inspect the behavior of
setuid programs.</p>
<h1>Impact:</h1>
<p>The bug may be used by an unprivileged user to read the contents
of files to which they would not otherwise have access, such as the
local password database.</p>
</body>
</description>
<references>
<cvename>CVE-2024-6760</cvename>
<freebsdsa>SA-24:06.ktrace</freebsdsa>
</references>
<dates>
<discovery>2024-08-07</discovery>
<entry>2024-09-20</entry>
</dates>
</vuln>
<vuln vid="f140cff0-771a-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>14.1</ge><lt>14.1_3</lt></range>
<range><ge>14.0</ge><lt>14.0_9</lt></range>
<range><ge>13.3</ge><lt>13.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When
pf is configured to allow ND and block incoming Echo Requests, a
crafted Echo Request packet after a Neighbor Solicitation (NS) can
trigger an Echo Reply. The packet has to come from the same host
as the NS and have a zero as identifier to match the state created
by the Neighbor Discovery and allow replies to be generated.</p>
<h1>Impact:</h1>
<p>ICMPv6 packets with identifier value of zero bypass firewall
rules written on the assumption that the incoming packets are going
to create a state in the state table.</p>
<h1>Note:</h1>
<p>This advisory introduced additional issues that were addressed by
FreeBSD-EN-24:16.pf. Please refer to that erratum for additional
fixes.</p>
</body>
</description>
<references>
<cvename>CVE-2024-6640</cvename>
<freebsdsa>SA-24:05.pf</freebsdsa>
<url>https://www.freebsd.org/security/advisories/FreeBSD-EN-24:16.pf.asc</url>
</references>
<dates>
<discovery>2024-08-07</discovery>
<entry>2024-09-20</entry>
</dates>
</vuln>
<vuln vid="93c12fe5-7716-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- Integer overflow in libnv</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>14.1</ge><lt>14.1_5</lt></range>
<range><ge>14.0</ge><lt>14.0_11</lt></range>
<range><ge>13.4</ge><lt>13.4_1</lt></range>
<range><ge>13.3</ge><lt>13.3_7</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_5</lt></range>
<range><ge>14.0</ge><lt>14.0_11</lt></range>
<range><ge>13.4</ge><lt>13.4_1</lt></range>
<range><ge>13.3</ge><lt>13.3_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>A malicious value of size in a structure of packed libnv can
cause an integer overflow, leading to the allocation of a smaller
buffer than required for the parsed data. The introduced check was
incorrect, as it took into account the size of the pointer, not the
structure. This vulnerability affects both kernel and userland.</p>
<p>This issue was originally intended to be addressed as part of
FreeBSD-SA-24:09.libnv, but due to a logic issue, this issue was
not properly addressed.</p>
<h1>Impact:</h1>
<p>It is possible for an attacker to overwrite portions of memory
(in userland or the kernel) as the allocated buffer might be smaller
than the data received from a malicious process. This vulnerability
could result in privilege escalation or cause a system panic.</p>
</body>
</description>
<references>
<cvename>CVE-2024-45287</cvename>
<freebsdsa>SA-24:16.libnv</freebsdsa>
</references>
<dates>
<discovery>2024-09-19</discovery>
<entry>2024-09-20</entry>
</dates>
</vuln>
<vuln vid="1febd09b-7716-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- bhyve(8) out-of-bounds read access via XHCI emulation</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_5</lt></range>
<range><ge>14.0</ge><lt>14.0_11</lt></range>
<range><ge>13.4</ge><lt>13.4_1</lt></range>
<range><ge>13.3</ge><lt>13.3_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>bhyve can be configured to emulate devices on a virtual USB
controller (XHCI), such as USB tablet devices. An insufficient
boundary validation in the USB code could lead to an out-of-bounds read
on the heap, which could potentially lead to an arbitrary write and
remote code execution.</p>
<h1>Impact:</h1>
<p>A malicious, privileged software running in a guest VM can exploit
the vulnerability to crash the hypervisor process or potentially achieve
code execution on the host in the bhyve userspace process, which
typically runs as root. Note that bhyve runs in a Capsicum sandbox, so
malicious code is constrained by the capabilities available to the bhyve
process.</p>
</body>
</description>
<references>
<cvename>CVE-2024-41721</cvename>
<freebsdsa>SA-24:15.bhyve</freebsdsa>
</references>
<dates>
<discovery>2024-09-19</discovery>
<entry>2024-09-20</entry>
</dates>
</vuln>
<vuln vid="3e738678-7582-11ef-bece-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.3.0</ge><lt>17.3.3</lt></range>
<range><ge>17.2.0</ge><lt>17.2.7</lt></range>
<range><ge>0</ge><lt>17.1.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/">
<p>SAML authentication bypass</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-45409</cvename>
<url>https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/</url>
</references>
<dates>
<discovery>2024-09-17</discovery>
<entry>2024-09-18</entry>
</dates>
</vuln>
<vuln vid="58750d49-7302-11ef-8c95-195d300202b3">
<topic>OpenSSH -- Pre-authentication async signal safety issue</topic>
<affects>
<package>
<name>openssh-portable</name>
<range><lt>9.8.p1_1,1</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_3</lt></range>
<range><ge>14.0</ge><lt>14.0_9</lt></range>
<range><ge>13.3</ge><lt>13.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The FreeBSD Project reports:</p>
<blockquote cite="https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc">
<p>
A signal handler in sshd(8) may call a logging function that is not async-
signal-safe. The signal handler is invoked when a client does not
authenticate within the LoginGraceTime seconds (120 by default).
This signal handler executes in the context of the sshd(8)'s privileged
code, which is not sandboxed and runs with full root privileges.</p>
<p>This issue is another instance of the problem in CVE-2024-6387 addressed by
FreeBSD-SA-24:04.openssh. The faulty code in this case is from the
integration of blacklistd in OpenSSH in FreeBSD.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7589</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7589</url>
<freebsdsa>SA-24:08.openssh</freebsdsa>
</references>
<dates>
<discovery>2024-08-06</discovery>
<entry>2024-09-15</entry>
<modified>2024-09-20</modified>
</dates>
</vuln>
<vuln vid="bd940aba-7467-11ef-a5c4-08002784c58d">
<topic>SnappyMail -- multiple mXSS in HTML sanitizer</topic>
<affects>
<package>
<name>snappymail-php81</name>
<name>snappymail-php82</name>
<name>snappymail-php83</name>
<name>snappymail-php84</name>
<range><lt>2.38.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Oskar reports:</p>
<blockquote cite="https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm">
<p>
SnappyMail uses the `cleanHtml()` function to cleanup HTML
and CSS in emails. Research discovered that the function
has a few bugs which cause an mXSS exploit. Because the
function allowed too many (invalid) HTML elements, it was
possible (with incorrect markup) to trick the browser to
"fix" the broken markup into valid markup. As a result a
motivated attacker may be able to inject javascript.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-45800</cvename>
<url>https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm</url>
</references>
<dates>
<discovery>2024-09-16</discovery>
<entry>2024-09-16</entry>
</dates>
</vuln>
<vuln vid="e464f777-719e-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>128.0.6613.137</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>128.0.6613.137</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[361461526] High CVE-2024-8636: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-22</li>
<li>[361784548] High CVE-2024-8637: Use after free in Media Router. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-23</li>
<li>[362539773] High CVE-2024-8638: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-08-28</li>
<li>[362658609] High CVE-2024-8639: Use after free in Autofill. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-28</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-8636</cvename>
<cvename>CVE-2024-8637</cvename>
<cvename>CVE-2024-8638</cvename>
<cvename>CVE-2024-8639</cvename>
<url>https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html</url>
</references>
<dates>
<discovery>2024-09-10</discovery>
<entry>2024-09-13</entry>
</dates>
</vuln>
<vuln vid="bcc8b21e-7122-11ef-bece-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.3.0</ge><lt>17.3.2</lt></range>
<range><ge>17.2.0</ge><lt>17.2.5</lt></range>
<range><ge>8.14.0</ge><lt>17.1.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/">
<p>Execute environment stop actions as the owner of the stop action job</p>
<p>Prevent code injection in Product Analytics funnels YAML</p>
<p>SSRF via Dependency Proxy</p>
<p>Denial of Service via sending a large glm_source parameter</p>
<p>CI_JOB_TOKEN can be used to obtain GitLab session token</p>
<p>Variables from settings are not overwritten by PEP if a template is included</p>
<p>Guests can disclose the full source code of projects using custom group-level templates</p>
<p>IdentitiesController allows linking of arbitrary unclaimed provider identities</p>
<p>Open redirect in repo/tree/:id endpoint can lead to account takeover through broken OAuth flow</p>
<p>Open redirect in release permanent links can lead to account takeover through broken OAuth flow</p>
<p>Guest user with Admin group member permission can edit custom role to gain other permissions</p>
<p>Exposure of protected and masked CI/CD variables by abusing on-demand DAST</p>
<p>Credentials disclosed when repository mirroring fails</p>
<p>Commit information visible through release atom endpoint for guest users</p>
<p>Dependency Proxy Credentials are Logged in Plaintext in graphql Logs</p>
<p>User Application can spoof the redirect url</p>
<p>Group Developers can view group runners information</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6678</cvename>
<cvename>CVE-2024-8640</cvename>
<cvename>CVE-2024-8635</cvename>
<cvename>CVE-2024-8124</cvename>
<cvename>CVE-2024-8641</cvename>
<cvename>CVE-2024-8311</cvename>
<cvename>CVE-2024-4660</cvename>
<cvename>CVE-2024-4283</cvename>
<cvename>CVE-2024-4612</cvename>
<cvename>CVE-2024-8631</cvename>
<cvename>CVE-2024-2743</cvename>
<cvename>CVE-2024-5435</cvename>
<cvename>CVE-2024-6389</cvename>
<cvename>CVE-2024-4472</cvename>
<cvename>CVE-2024-6446</cvename>
<cvename>CVE-2024-6685</cvename>
<url>https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/</url>
</references>
<dates>
<discovery>2024-09-11</discovery>
<entry>2024-09-12</entry>
</dates>
</vuln>
<vuln vid="d5026193-6fa2-11ef-99bc-1c697a616631">
<topic>Intel CPUs -- multiple vulnerabilities</topic>
<affects>
<package>
<name>cpu-microcode-intel</name>
<range><lt>20241112</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Intel reports:</p>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html">
<p>
A potential security vulnerability in the Running Average Power Limit
(RAPL) interface for some Intel Processors may allow information
disclosure. Intel has released firmware updates to mitigate this
potential vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html">
<p>
A potential security vulnerability in some Intel Processors may allow
denial of service. Intel has released firmware updates to mitigate
this potential vulnerability.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-23984</cvename>
<cvename>CVE-2024-24968</cvename>
<url>https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240910</url>
</references>
<dates>
<discovery>2024-09-10</discovery>
<entry>2024-09-10</entry>
<modified>2024-11-12</modified>
</dates>
</vuln>
<vuln vid="996518f3-6ef9-11ef-b01b-08002784c58d">
<topic>clamav -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>clamav</name>
<range><ge>1.3.0,1</ge><lt>1.3.2,1</lt></range>
<range><ge>1.4.0,1</ge><lt>1.4.1,1</lt></range>
</package>
<package>
<name>clamav-lts</name>
<range><ge>1.0.0,1</ge><lt>1.0.6,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The ClamAV project reports:</p>
<blockquote cite="https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html">
<dl>
<dt>CVE-2024-20505</dt>
<dd>
A vulnerability in the PDF parsing module of Clam
AntiVirus (ClamAV) could allow an unauthenticated,
remote attacker to cause a denial of service (DoS)
condition on an affected device. The vulnerability is
due to an out of bounds read. An attacker could exploit
this vulnerability by submitting a crafted PDF file to
be scanned by ClamAV on an affected device. An exploit
could allow the attacker to terminate the scanning
process.
</dd>
<dt>CVE-2024-20506</dt>
<dd>
A vulnerability in the ClamD service module of Clam
AntiVirus (ClamAV) could allow an authenticated, local
attacker to corrupt critical system files. The
vulnerability is due to allowing the ClamD process to
write to its log file while privileged without checking
if the logfile has been replaced with a symbolic
link. An attacker could exploit this vulnerability if
they replace the ClamD log file with a symlink to a
critical system file and then find a way to restart the
ClamD process. An exploit could allow the attacker to
corrupt a critical system file by appending ClamD log
messages after restart.
</dd>
</dl>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-20505</cvename>
<cvename>CVE-2024-20506</cvename>
<url>https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html</url>
</references>
<dates>
<discovery>2024-09-04</discovery>
<entry>2024-09-09</entry>
</dates>
</vuln>
<vuln vid="8fbe81f7-6eb5-11ef-b7bd-00505632d232">
<topic>netatalk3 -- multiple WolfSSL vulnerabilities</topic>
<affects>
<package>
<name>netatalk3</name>
<range><lt>3.2.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Netatalk release reports:</p>
<blockquote cite="https://github.com/Netatalk/netatalk/releases/tag/netatalk-3-2-8">
<p>WolfSSL 5.7.0 (included in netatalk) includes multiple security vulnerabilities.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1544</cvename>
<cvename>CVE-2024-5288</cvename>
<cvename>CVE-2024-5991</cvename>
<cvename>CVE-2024-5814</cvename>
</references>
<dates>
<discovery>2024-09-08</discovery>
<entry>2024-09-09</entry>
</dates>
</vuln>
<vuln vid="80fbe184-2358-11ef-996e-40b034455553">
<topic>minio -- unintentional information disclosure</topic>
<affects>
<package>
<name>minio</name>
<range><lt>2024.05.27.19.17.46</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Minio security advisory GHSA-95fr-cm4m-q5p9 reports:</p>
<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-95fr-cm4m-q5p9">
<p>when used with anonymous requests by sending a random
object name requests you can figure out if the object
exists or not on the server on a specific bucket and also
gain access to some amount of information.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-36107</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36107</url>
</references>
<dates>
<discovery>2024-05-28</discovery>
<entry>2024-06-05</entry>
</dates>
</vuln>
<vuln vid="144836e3-2358-11ef-996e-40b034455553">
<topic>minio -- privilege escalation via permissions inheritance</topic>
<affects>
<package>
<name>minio</name>
<range><lt>2024.01.31.20.20.33</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Minio security advisory GHSA-xx8w-mq23-29g4 ports:</p>
<blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4">
<p>
When someone creates an access key, it inherits the
permissions of the parent key. Not only for s3:* actions,
but also admin:* actions. Which means unless somewhere
above in the access-key hierarchy, the admin rights are
denied, access keys will be able to simply override their
own s3 permissions to something more permissive.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24747</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24747</url>
</references>
<dates>
<discovery>2024-01-31</discovery>
<entry>2024-06-05</entry>
</dates>
</vuln>
<vuln vid="7ade3c38-6d1f-11ef-ae11-b42e991fc52e">
<topic>firefox -- Potential memory corruption and exploitable crash</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>128.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1901411">
<p>An error in the ECMA-262 specification relating to Async Generators
could have resulted in a type confusion, potentially leading to
memory corruption and an exploitable crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7652</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7652</url>
</references>
<dates>
<discovery>2024-09-06</discovery>
<entry>2024-09-07</entry>
</dates>
</vuln>
<vuln vid="3e44c35f-6cf4-11ef-b813-4ccc6adda413">
<topic>exiv2 -- Out-of-bounds read in AsfVideo::streamProperties</topic>
<affects>
<package>
<name>exiv2</name>
<range><ge>0.28.0,1</ge><lt>0.28.3,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Kevin Backhouse reports:</p>
<blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh">
<p>An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability
is in the parser for the ASF video format, which was a new feature in v0.28.0,
so Exiv2 versions before v0.28 are not affected. The out-of-bounds read is
triggered when Exiv2 is used to read the metadata of a crafted video file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-39695</cvename>
<url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh</url>
</references>
<dates>
<discovery>2024-04-21</discovery>
<entry>2024-09-07</entry>
</dates>
</vuln>
<vuln vid="a5e13973-6c75-11ef-858b-23eeba13701a">
<topic>forgejo -- multiple vulnerabilities</topic>
<affects>
<package>
<name>forgejo</name>
<range><lt>8.0.3</lt></range>
</package>
<package>
<name>forgejo7</name>
<range><lt>7.0.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<ul>
<li>Replace v-html with v-text in search inputbox</li>
<li>Upgrade webpack to v5.94.0 as a precaution to mitigate
CVE-2024-43788, although we were not yet able to confirm that this
can be exploited in Forgejo.</li>
</ul>
</body>
</description>
<references>
<cvename>CVE-2024-43788</cvename>
<url>https://codeberg.org/forgejo/forgejo/milestone/8231</url>
</references>
<dates>
<discovery>2024-09-03</discovery>
<entry>2024-09-06</entry>
</dates>
</vuln>
<vuln vid="943f8915-6c5d-11ef-810a-f8b46a88f42c">
<topic>binutils -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>binutils</name>
<range><lt>2.43,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>alster@vinterdalen.se reports PR/281070:</p>
<blockquote cite="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281070">
<p>A new version of devel/binutils has been released fixing
CVE-2023-1972, CVE-2023-25585, CVE-2023-25586, and
CVE-2023-25588.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-1972</cvename>
<cvename>CVE-2023-25585</cvename>
<cvename>CVE-2023-25586</cvename>
<cvename>CVE-2023-25588</cvename>
</references>
<dates>
<discovery>2024-08-25</discovery>
<entry>2024-09-06</entry>
</dates>
</vuln>
<vuln vid="f5d0cfe7-6ba6-11ef-858b-23eeba13701a">
<topic>gitea -- multiple issues</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.22.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<ul>
<li>Replace v-html with v-text in search inputbox</li>
<li>Fix nuget/conan/container packages upload bugs</li>
</ul>
</body>
</description>
<references>
<url>https://github.com/go-gitea/gitea/releases/tag/v1.22.2</url>
</references>
<dates>
<discovery>2024-09-03</discovery>
<entry>2024-09-05</entry>
</dates>
</vuln>
<vuln vid="66907dab-6bb2-11ef-b813-4ccc6adda413">
<topic>qt5-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt5-webengine</name>
<range><lt>5.15.17.p3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based">
<p>Backports for 6 security bugs in Chromium:</p>
<ul>
<li>CVE-2024-5496: Use after free in Media Session</li>
<li>CVE-2024-5846: Use after free in PDFium</li>
<li>CVE-2024-6291: Use after free in Swiftshader</li>
<li>CVE-2024-6989: Use after free in Loader</li>
<li>CVE-2024-6996: Race in Frames</li>
<li>CVE-2024-7536: Use after free in WebAudio</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5496</cvename>
<cvename>CVE-2024-5846</cvename>
<cvename>CVE-2024-6291</cvename>
<cvename>CVE-2024-6989</cvename>
<cvename>CVE-2024-6996</cvename>
<cvename>CVE-2024-7536</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based</url>
</references>
<dates>
<discovery>2024-08-05</discovery>
<entry>2024-09-05</entry>
</dates>
</vuln>
<vuln vid="a3a1caf5-6ba1-11ef-b9e8-b42e991fc52e">
<topic>firefox -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>130.0_1,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1908496">
<p>This entry contains 8 vulnerabilities:</p>
<ul>
<li>CVE-2024-8381: A potentially exploitable type
confusion could be triggered when looking up a property
name on an object being used as the `with` environment.</li>
<li>CVE-2024-8382: Internal browser event interfaces were
exposed to web content when privileged EventHandler listener
callbacks ran for those events. Web content that tried to
use those interfaces would not be able to use them with
elevated privileges, but their presence would indicate
certain browser features had been used, such as when a user
opened the Dev Tools console.</li>
<li>CVE-2024-8383: Firefox normally asks for confirmation
before asking the operating system to find an application to
handle a scheme that the browser does not support. It did not
ask before doing so for the Usenet-related schemes news: and
snews:. Since most operating systems don't have a
trusted newsreader installed by default, an unscrupulous
program that the user downloaded could register itself as a
handler. The website that served the application download
could then launch that application at will.</li>
<li>CVE-2024-8384: The JavaScript garbage collector could
mis-color cross-compartment objects if OOM conditions were
detected at the right point between two passes. This could have
led to memory corruption.</li>
<li>CVE-2024-8385: A difference in the handling of
StructFields and ArrayTypes in WASM could be used to trigger
an exploitable type confusion vulnerability.</li>
<li>CVE-2024-8386: If a site had been granted the permission
to open popup windows, it could cause Select elements to
appear on top of another site to perform a spoofing attack.</li>
<li>CVE-2024-8387: Memory safety bugs present in Firefox 129,
Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs
showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run
arbitrary code.</li>
<li>CVE-2024-8389: Memory safety bugs present in Firefox 129.
Some of these bugs showed evidence of memory corruption and we
presume that with enough effort some of these could have been
exploited to run arbitrary code.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-8381</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-8381</url>
<cvename>CVE-2024-8382</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-8382</url>
<cvename>CVE-2024-8383</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-8383</url>
<cvename>CVE-2024-8384</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-8384</url>
<cvename>CVE-2024-8385</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-8385</url>
<cvename>CVE-2024-8386</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-8386</url>
<cvename>CVE-2024-8387</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-8387</url>
<cvename>CVE-2024-8389</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-8389</url>
</references>
<dates>
<discovery>2024-09-03</discovery>
<entry>2024-09-05</entry>
</dates>
</vuln>
<vuln vid="7e079ce2-6b51-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- umtx Kernel panic or Use-After-Free</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_4</lt></range>
<range><ge>14.0</ge><lt>14.0_10</lt></range>
<range><ge>13.3</ge><lt>13.3_6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>Concurrent removals of such a mapping by using the UMTX_SHM_DESTROY
sub-request of UMTX_OP_SHM can lead to decreasing the reference
count of the object representing the mapping too many times, causing
it to be freed too early.</p>
<h1>Impact:</h1>
<p>A malicious code exercizing the UMTX_SHM_DESTROY sub-request
in parallel can panic the kernel or enable further Use-After-Free
attacks, potentially including code execution or Capsicum sandbox
escape.</p>
</body>
</description>
<references>
<cvename>CVE-2024-43102</cvename>
<freebsdsa>SA-24:14.umtx</freebsdsa>
</references>
<dates>
<discovery>2024-09-04</discovery>
<entry>2024-09-05</entry>
</dates>
</vuln>
<vuln vid="4edaa9f4-6b51-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- bhyve(8) privileged guest escape via USB controller</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_4</lt></range>
<range><ge>14.0</ge><lt>14.0_10</lt></range>
<range><ge>13.3</ge><lt>13.3_6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>bhyve can be configured to emulate devices on a virtual USB
controller (XHCI), such as USB tablet devices. An insufficient
boundary validation in the USB code could lead to an out-of-bounds
write on the heap, with data controlled by the caller.</p>
<h1>Impact:</h1>
<p>A malicious, privileged software running in a guest VM can
exploit the vulnerability to achieve code execution on the host in
the bhyve userspace process, which typically runs as root. Note
that bhyve runs in a Capsicum sandbox, so malicious code is constrained
by the capabilities available to the bhyve process.</p>
</body>
</description>
<references>
<cvename>CVE-2024-32668</cvename>
<freebsdsa>SA-24:12.bhyve</freebsdsa>
</references>
<dates>
<discovery>2024-09-04</discovery>
<entry>2024-09-05</entry>
</dates>
</vuln>
<vuln vid="9bd5e47b-6b50-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- Multiple issues in ctl(4) CAM Target Layer</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>14.1</ge><lt>14.1_4</lt></range>
<range><ge>14.0</ge><lt>14.0_10</lt></range>
<range><ge>13.3</ge><lt>13.3_6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>Several vulnerabilities were found in the ctl subsystem.</p>
<p>The function ctl_write_buffer incorrectly set a flag which resulted
in a kernel Use-After-Free when a command finished processing
(CVE-2024-45063). The ctl_write_buffer and ctl_read_buffer functions
allocated memory to be returned to userspace, without initializing
it (CVE-2024-8178). The ctl_report_supported_opcodes function did
not sufficiently validate a field provided by userspace, allowing
an arbitrary write to a limited amount of kernel help memory
(CVE-2024-42416). The ctl_request_sense function could expose up
to three bytes of the kernel heap to userspace (CVE-2024-43110).</p>
<p>Guest virtual machines in the bhyve hypervisor can send SCSI commands
to the corresponding kernel driver via the virtio_scsi interface.
This provides guests with direct access to the vulnerabilities
covered by this advisory.</p>
<p>The CAM Target Layer iSCSI target daemon ctld(8) accepts incoming
iSCSI connections, performs authentication and passes connections
to the kernel ctl(4) target layer.</p>
<h1>Impact:</h1>
<p>Malicious software running in a guest VM that exposes virtio_scsi
can exploit the vulnerabilities to achieve code execution on the
host in the bhyve userspace process, which typically runs as root.
Note that bhyve runs in a Capsicum sandbox, so malicious code is
constrained by the capabilities available to the bhyve process.</p>
<p>A malicious iSCSI initiator could achieve remote code execution on
the iSCSI target host.</p>
</body>
</description>
<references>
<cvename>CVE-2024-8178</cvename>
<cvename>CVE-2024-42416</cvename>
<cvename>CVE-2024-43110</cvename>
<freebsdsa>SA-24:11.ctl</freebsdsa>
</references>
<dates>
<discovery>2024-09-04</discovery>
<entry>2024-09-05</entry>
</dates>
</vuln>
<vuln vid="56d76414-6b50-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- bhyve(8) privileged guest escape via TPM device passthrough</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_4</lt></range>
<range><ge>14.0</ge><lt>14.0_10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>bhyve can be configured to provide access to the host's TPM
device, where it passes the communication through an emulated device
provided to the guest. This may be performed on the command-line
by starting bhyve with the `-l tpm,passthru,/dev/tpmX` parameters.</p>
<p>The MMIO handler for the emulated device did not validate the offset
and size of the memory access correctly, allowing guests to read
and write memory contents outside of the memory area effectively
allocated.</p>
<h1>Impact:</h1>
<p>Malicious software running in a guest VM can exploit the buffer
overflow to achieve code execution on the host in the bhyve userspace
process, which typically runs as root. Note that bhyve runs in a
Capsicum sandbox, so malicious code is constrained by the capabilities
available to the bhyve process.</p>
</body>
</description>
<references>
<cvename>CVE-2024-41928</cvename>
<freebsdsa>SA-24:10.bhyve</freebsdsa>
</references>
<dates>
<discovery>2024-09-04</discovery>
<entry>2024-09-05</entry>
</dates>
</vuln>
<vuln vid="8d1f9adf-6b4f-11ef-9a62-002590c1f29c">
<topic>FreeBSD -- Multiple vulnerabilities in libnv</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>14.1</ge><lt>14.1_4</lt></range>
<range><ge>14.0</ge><lt>14.0_10</lt></range>
<range><ge>13.3</ge><lt>13.3_6</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_4</lt></range>
<range><ge>14.0</ge><lt>14.0_10</lt></range>
<range><ge>13.3</ge><lt>13.3_6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>CVE-2024-45287 is a vulnerability that affects both the kernel
and userland. A malicious value of size in a structure of packed
libnv can cause an integer overflow, leading to the allocation of
a smaller buffer than required for the parsed data.</p>
<p>CVE-2024-45288 is a vulnerability that affects both the kernel and
userland. A missing null-termination character in the last element
of an nvlist array string can lead to writing outside the allocated
buffer.</p>
<h1>Impact:</h1>
<p>It is possible for an attacker to overwrite portions of memory
(in userland or the kernel) as the allocated buffer might be smaller
than the data received from a malicious process. This vulnerability
could result in privilege escalation or cause a system panic.</p>
</body>
</description>
<references>
<cvename>CVE-2024-45287</cvename>
<cvename>CVE-2024-45288</cvename>
<freebsdsa>SA-24:09.libnv</freebsdsa>
</references>
<dates>
<discovery>2024-09-04</discovery>
<entry>2024-09-05</entry>
</dates>
</vuln>
<vuln vid="21f505f4-6a1c-11ef-b611-84a93843eb75">
<topic>OpenSSL -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>3.0.15,1</lt></range>
</package>
<package>
<name>openssl31</name>
<range><lt>3.1.7</lt></range>
</package>
<package>
<name>openssl32</name>
<range><lt>3.2.3</lt></range>
</package>
<package>
<name>openssl33</name>
<range><lt>3.3.2</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.15</lt></range>
</package>
<package>
<name>openssl31-quictls</name>
<range><lt>3.1.7</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_4</lt></range>
<range><ge>14.0</ge><lt>14.0_10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://openssl-library.org/news/secadv/20240903.txt">
<p>Possible denial of service in X.509 name checks [Moderate severity]
Applications performing certificate name checks (e.g., TLS clients
checking server certificates) may attempt to read an invalid
memory address resulting in abnormal termination of the application
process.</p>
<p>SSL_select_next_proto buffer overread [Low severity]
Calling the OpenSSL API function SSL_select_next_proto with an empty
supported client protocols buffer may cause a crash or memory
contents to be sent to the peer.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5535</cvename>
<cvename>CVE-2024-6119</cvename>
<url>https://openssl-library.org/news/secadv/20240627.txt</url>
<url>https://openssl-library.org/news/secadv/20240903.txt</url>
<freebsdsa>SA-24:13.openssl</freebsdsa>
</references>
<dates>
<discovery>2024-09-03</discovery>
<entry>2024-09-03</entry>
<modified>2024-09-05</modified>
</dates>
</vuln>
<vuln vid="26125e09-69ca-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>128.0.6613.119</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>128.0.6613.119</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[357391257] High CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-08-05</li>
<li>[358485426] High CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim(@cassidy6564) on 2024-08-09</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-8362</cvename>
<cvename>CVE-2024-7970</cvename>
<url>https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-09-02</discovery>
<entry>2024-09-03</entry>
</dates>
</vuln>
<vuln vid="eb437e17-66a1-11ef-ac08-75165d18d8d2">
<topic>forgejo -- The scope of application tokens was not verified when writing containers or Conan packages.</topic>
<affects>
<package>
<name>forgejo</name>
<range><lt>8.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The forgejo team reports:</p>
<blockquote cite="https://codeberg.org/forgejo/forgejo/milestone/7728">
<p>The scope of application tokens was not verified when writing
containers or Conan packages. This is of no consequence when the
user associated with the application token does not have write
access to packages. If the user has write access to packages, such
a token can be used to write containers and Conan packages. An
application token that was used to write containers or Conan
packages without the package:write scope will now fail with an
unauthorized error. It must be re-created to include the
package:write scope.</p>
</blockquote>
</body>
</description>
<references>
<url>https://codeberg.org/forgejo/forgejo/pulls/5149</url>
</references>
<dates>
<discovery>2024-08-26</discovery>
<entry>2024-08-30</entry>
</dates>
</vuln>
<vuln vid="7e9cc7fd-6b3e-46c5-ad6d-409d90d41bbf">
<topic>RabbitMQ-C -- auth credentials visible in commandline tool options</topic>
<affects>
<package>
<name>rabbitmq-c</name>
<range><lt>0.14.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>hadmut reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2023-35789">
<p>This C library includes 2 command-line tools that can take
credentials as command-line options. The credentials are exposed
as plain-text in the process list. This could allow an attacker
with access to the process list to see the credentials.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-35789</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-35789</url>
</references>
<dates>
<discovery>2019-09-19</discovery>
<entry>2024-08-30</entry>
</dates>
</vuln>
<vuln vid="5e4d7172-66b8-11ef-b104-b42e991fc52e">
<topic>firefox -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>129.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1909241">
<ul>
<li>Firefox adds web-compatibility shims in place of some
tracking scripts blocked by Enhanced Tracking Protection.
On a site protected by Content Security Policy in
"strict-dynamic" mode, an attacker able to
inject an HTML element could have used a DOM
Clobbering attack on some of the shims and achieved XSS,
bypassing the CSP strict-dynamic protection.</li>
<li>Form validation popups could capture escape key presses.
Therefore, spamming form validation messages could be used
to prevent users from exiting full-screen mode.</li>
<li>When almost out-of-memory an elliptic curve key which
was never allocated could have been freed again. </li>
<li>It was possible to move the cursor using pointerlock
from an iframe. This allowed moving the cursor outside
of the viewport and the Firefox window.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7524</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7524</url>
<cvename>CVE-2024-6610</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-6610</url>
<cvename>CVE-2024-6609</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-6609</url>
<cvename>CVE-2024-6608</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-6608</url>
</references>
<dates>
<discovery>2024-08-06</discovery>
<entry>2024-08-30</entry>
</dates>
</vuln>
<vuln vid="6f2545bb-65e8-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>128.0.6613.113</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>128.0.6613.113</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09</li>
<li>[360265320] High CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-16</li>
<li>[360533914] High CVE-2024-8194: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-08-18</li>
<li>[360758697] High CVE-2024-8198: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-19</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7969</cvename>
<cvename>CVE-2024-8193</cvename>
<cvename>CVE-2024-8194</cvename>
<cvename>CVE-2024-8198</cvename>
<url>https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html</url>
</references>
<dates>
<discovery>2024-08-28</discovery>
<entry>2024-08-29</entry>
</dates>
</vuln>
<vuln vid="46419e8c-65d9-11ef-ac06-b0416f0c4c67">
<topic>Configobj -- Regular Expression Denial of Service attack</topic>
<affects>
<package>
<name>py38-configobj</name>
<name>py39-configobj</name>
<name>py310-configobj</name>
<name>py311-configobj</name>
<range><le>5.0.8</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>report@snyk.io reports:</p>
<blockquote cite="https://github.com/DiffSK/configobj/issues/232">
<p>All versions of the package configobj are vulnerable to Regular
Expression Denial of Service (ReDoS) via the validate function,
using (.+?)\((.*)\).**Note:** This is only exploitable in the case
of a developer putting the offending value in a server side
configuration file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-26112</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-26112</url>
</references>
<dates>
<discovery>2023-04-03</discovery>
<entry>2024-08-29</entry>
</dates>
</vuln>
<vuln vid="49ef501c-62b6-11ef-bba5-2cf05da270f3">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.3.0</ge><lt>17.3.1</lt></range>
<range><ge>17.2.0</ge><lt>17.2.4</lt></range>
<range><ge>8.2.0</ge><lt>17.1.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/08/21/patch-release-gitlab-17-3-1-released/">
<p>The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases</p>
<p>Denial of Service by importing maliciously crafted GitHub repository</p>
<p>Prompt injection in "Resolve Vulnerabilty" results in arbitrary command execution in victim's pipeline</p>
<p>An unauthorized user can perform certain actions through GraphQL after a group owner enables IP restrictions</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6502</cvename>
<cvename>CVE-2024-8041</cvename>
<cvename>CVE-2024-7110</cvename>
<cvename>CVE-2024-3127</cvename>
<url>https://about.gitlab.com/releases/2024/08/21/patch-release-gitlab-17-3-1-released/</url>
</references>
<dates>
<discovery>2024-08-21</discovery>
<entry>2024-08-25</entry>
</dates>
</vuln>
<vuln vid="7e6e932f-617b-11ef-8a7d-b42e991fc52e">
<topic>firefox -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>127,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1414937">
<ul>
<li>CVE-2024-5697: A website was able to detect when a
user took a screenshot of a page using the built-in
Screenshot functionality in Firefox.</li>
<li>CVE-2024-5698: By manipulating the fullscreen
feature while opening a data-list, an attacker could
have overlaid a text box over the address bar. This
could have led to user confusion and possible spoofing
attacks.
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5697</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-5697</url>
<cvename>CVE-2024-5698</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-5698</url>
</references>
<dates>
<discovery>2024-06-11</discovery>
<entry>2024-08-23</entry>
</dates>
</vuln>
<vuln vid="6e8b9c75-6179-11ef-8a7d-b42e991fc52e">
<topic>mcpp -- Heap-based buffer overflow</topic>
<affects>
<package>
<name>mcpp</name>
<range><lt>2.7.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00032.html">
<p>MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function
in support.c.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2019-14274</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2019-14274</url>
</references>
<dates>
<discovery>2019-07-26</discovery>
<entry>2024-08-23</entry>
</dates>
</vuln>
<vuln vid="f2b1da2e-6178-11ef-8a7d-b42e991fc52e">
<topic>md4c -- DoS attack</topic>
<affects>
<package>
<name>md4c</name>
<range><lt>0.4.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19">
<p>md_analyze_line in md4c.c in md4c 0.4.7 allows attackers
to trigger use of uninitialized memory, and cause a denial
of service via a malformed Markdown document.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-30027</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2021-30027</url>
</references>
<dates>
<discovery>2021-04-29</discovery>
<entry>2024-08-23</entry>
</dates>
</vuln>
<vuln vid="b339992e-6059-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>128.0.6613.84</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>128.0.6613.84</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html">
<p>This update includes 38 security fixes:</p>
<ul>
<li>[358296941] High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08</li>
<li>[356196918] High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30</li>
<li>[355465305] High CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25</li>
<li>[355731798] High CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024-07-27</li>
<li>[349253666] High CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024-06-25</li>
<li>[351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09</li>
<li>[360700873] High CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024-08-19</li>
<li>[345960102] Medium CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10</li>
<li>[345518608] Medium CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax on 2024-06-06</li>
<li>[339141099] Medium CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024-05-07</li>
<li>[347588491] Medium CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16</li>
<li>[339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10</li>
<li>[324770940] Medium CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono) on 2024-02-11</li>
<li>[40060358] Medium CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK on 2022-07-21</li>
<li>[356064205] Medium CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-29</li>
<li>[356328460] Medium CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-30</li>
<li>[40067456] Low CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023-07-14</li>
<li>[350256139] Low CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T on 2024-06-30</li>
<li>[353858776] Low CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob) on 2024-07-18</li>
<li>[40059470] Low CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft on 2022-04-26</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7964</cvename>
<cvename>CVE-2024-7965</cvename>
<cvename>CVE-2024-7966</cvename>
<cvename>CVE-2024-7967</cvename>
<cvename>CVE-2024-7968</cvename>
<cvename>CVE-2024-7969</cvename>
<cvename>CVE-2024-7971</cvename>
<cvename>CVE-2024-7972</cvename>
<cvename>CVE-2024-7973</cvename>
<cvename>CVE-2024-7974</cvename>
<cvename>CVE-2024-7975</cvename>
<cvename>CVE-2024-7976</cvename>
<cvename>CVE-2024-7977</cvename>
<cvename>CVE-2024-7978</cvename>
<cvename>CVE-2024-7979</cvename>
<cvename>CVE-2024-7980</cvename>
<cvename>CVE-2024-7981</cvename>
<cvename>CVE-2024-8033</cvename>
<cvename>CVE-2024-8034</cvename>
<cvename>CVE-2024-8035</cvename>
<url>https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html</url>
</references>
<dates>
<discovery>2024-08-21</discovery>
<entry>2024-08-22</entry>
</dates>
</vuln>
<vuln vid="addc71b8-6024-11ef-86a1-8c164567ca3c">
<topic>nginx -- Vulnerability in the ngx_http_mp4_module</topic>
<affects>
<package>
<name>nginx-devel</name>
<range><ge>1.5.13,3</ge><lt>1.27.1,3</lt></range>
</package>
<package>
<name>nginx</name>
<range><ge>1.6.0,3</ge><lt>1.26.2,3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx development team reports:</p>
<blockquote cite="http://nginx.org/en/security_advisories.html">
<p>This update fixes the buffer overread vulnerability in the
ngx_http_mp4_module.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7347</cvename>
</references>
<dates>
<discovery>2024-08-14</discovery>
<entry>2024-08-22</entry>
</dates>
</vuln>
<vuln vid="04c9c3f8-5ed3-11ef-8262-b0416f0c4c67">
<topic>Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter</topic>
<affects>
<package>
<name>py38-Jinja2</name>
<name>py39-Jinja2</name>
<name>py310-Jinja2</name>
<name>py311-Jinja2</name>
<range><lt>3.1.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb">
<p>Jinja is an extensible templating engine. The `xmlattr` filter in
affected versions of Jinja accepts keys containing non-attribute
characters. XML/HTML attributes cannot contain spaces, `/`, `>`,
or `=`, as each would then be interpreted as starting a separate
attribute. If an application accepts keys (as opposed to only
values) as user input, and renders these in pages that other users
see as well, an attacker could use this to inject other attributes
and perform XSS. The fix for CVE-2024-22195 only addressed spaces
but not other characters. Accepting keys as user input is now
explicitly considered an unintended use case of the `xmlattr` filter,
and code that does so without otherwise validating the input should
be flagged as insecure, regardless of Jinja version. Accepting
_values_ as user input continues to be safe. This vulnerability
is fixed in 3.1.4.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-34064</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-34064</url>
</references>
<dates>
<discovery>2024-05-06</discovery>
<entry>2024-08-20</entry>
</dates>
</vuln>
<vuln vid="d0ac9a17-5e68-11ef-b8cc-b42e991fc52e">
<topic>mozilla products -- spoofing attack</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>129,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1875354">
<p>Select options could obscure the fullscreen notification dialog.
This could be used by a malicious site to perform a spoofing attack.
This vulnerability affects Firefox < 129, Firefox ESR < 128.1,
and Thunderbird < 128.1.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7518</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7518</url>
</references>
<dates>
<discovery>2024-08-06</discovery>
<entry>2024-08-19</entry>
</dates>
</vuln>
<vuln vid="e61af8f4-455d-4f99-8d81-fbb004929dab">
<topic>electron31 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron31</name>
<range><lt>31.4.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v31.4.0">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-6989.</li>
<li>Security: backported fix for CVE-2024-6991.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6989</cvename>
<url>https://github.com/advisories/GHSA-32j6-235r-7fmm</url>
<cvename>CVE-2024-6991</cvename>
<url>https://github.com/advisories/GHSA-3v8g-fm64-g4mc</url>
</references>
<dates>
<discovery>2024-08-15</discovery>
<entry>2024-08-18</entry>
</dates>
</vuln>
<vuln vid="ac025402-4cbc-4177-bd99-c20c03a07f23">
<topic>electron{29,30} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron29</name>
<range><lt>29.4.6</lt></range>
</package>
<package>
<name>electron30</name>
<range><lt>30.4.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v29.4.6">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-6776.</li>
<li>Security: backported fix for CVE-2024-6778.</li>
<li>Security: backported fix for CVE-2024-6777.</li>
<li>Security: backported fix for CVE-2024-6773.</li>
<li>Security: backported fix for CVE-2024-6774.</li>
<li>Security: backported fix for CVE-2024-6772.</li>
<li>Security: backported fix for CVE-2024-6775.</li>
<li>Security: backported fix for CVE-2024-6779.</li>
<li>Security: backported fix for CVE-2024-6989.</li>
<li>Security: backported fix for CVE-2024-6991.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6776</cvename>
<url>https://github.com/advisories/GHSA-7hjm-9cg2-rcg6</url>
<cvename>CVE-2024-6778</cvename>
<url>https://github.com/advisories/GHSA-9m98-937v-r97x</url>
<cvename>CVE-2024-6777</cvename>
<url>https://github.com/advisories/GHSA-w2v8-c457-cjvf</url>
<cvename>CVE-2024-6773</cvename>
<url>https://github.com/advisories/GHSA-7gj8-545r-5295</url>
<cvename>CVE-2024-6774</cvename>
<url>https://github.com/advisories/GHSA-cgm7-mqr6-f7vg</url>
<cvename>CVE-2024-6772</cvename>
<url>https://github.com/advisories/GHSA-cc8c-62x7-qwjr</url>
<cvename>CVE-2024-6775</cvename>
<url>https://github.com/advisories/GHSA-mxwm-jm3p-mh5m</url>
<cvename>CVE-2024-6779</cvename>
<url>https://github.com/advisories/GHSA-v4v9-v4wf-9c86</url>
<cvename>CVE-2024-6989</cvename>
<url>https://github.com/advisories/GHSA-32j6-235r-7fmm</url>
<cvename>CVE-2024-6991</cvename>
<url>https://github.com/advisories/GHSA-3v8g-fm64-g4mc</url>
</references>
<dates>
<discovery>2024-08-16</discovery>
<entry>2024-08-18</entry>
</dates>
</vuln>
<vuln vid="6a6ad6cb-5c6c-11ef-b456-001e676bf734">
<topic>Dovecot -- DoS</topic>
<affects>
<package>
<name>dovecot</name>
<range><lt>2.3.21.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Dovecot reports:</p>
<blockquote cite="https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/">
<p>A DoS is possible with a large number of address headers or abnormally large email headers.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-23184</cvename>
<cvename>CVE-2024-23185</cvename>
<url>https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/</url>
</references>
<dates>
<discovery>2024-08-14</discovery>
<entry>2024-08-16</entry>
</dates>
</vuln>
<vuln vid="9d8e9952-5a42-11ef-a219-1c697a616631">
<topic>Intel CPUs -- multiple vulnerabilities</topic>
<affects>
<package>
<name>cpu-microcode-intel</name>
<range><lt>20240813</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Intel reports:</p>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html">
<p>
A potential security vulnerability in SMI Transfer monitor (STM) may
allow escalation of privilege. Intel has released microcode updates
to mitigate this potential vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html">
<p>
A potential security vulnerability in some 3rd Generation Intel Xeon
Scalable Processors may allow denial of service. Intel has released
microcode updates to mitigate this potential vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html">
<p>
A potential security vulnerability in some 3rd, 4th, and 5th
Generation Intel Xeon Processors may allow escalation of privilege.
Intel has released firmware updates to mitigate this potential
vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html">
<p>
A potential security vulnerability in the Intel Core Ultra Processor
stream cache mechanism may allow escalation of privilege. Intel has
released microcode updates to mitigate this potential vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html">
<p>
A potential security vulnerability in some Intel Processor stream
cache mechanisms may allow escalation of privilege. Intel has
released microcode updates to mitigate this potential vulnerability.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24853</cvename>
<cvename>CVE-2024-25939</cvename>
<cvename>CVE-2024-24980</cvename>
<cvename>CVE-2023-42667</cvename>
<cvename>CVE-2023-49141</cvename>
<url>https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240813</url>
</references>
<dates>
<discovery>2024-08-13</discovery>
<entry>2024-08-14</entry>
</dates>
</vuln>
<vuln vid="5d7939f6-5989-11ef-9793-b42e991fc52e">
<topic>firefox -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>129.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1905691">
<ul>
<li>
CVE-2024-7531: Calling `PK11_Encrypt()` in NSS using
CKM_CHACHA20 and the same buffer for input and output can
result in plaintext on an Intel Sandy Bridge processor. In
Firefox this only affects the QUIC header protection
feature when the connection is using the ChaCha20-Poly1305
cipher suite. The most likely outcome is connection
failure, but if the connection persists despite the high
packet loss it could be possible for a network observer to
identify packets as coming from the same source despite a
network path change. This vulnerability affects Firefox
< 129, Firefox ESR < 115.14, and Firefox ESR <
128.1.
</li>
<li>
CVE-2024-7529: The date picker could partially obscure
security prompts. This could be used by a malicious site
to trick a user into granting permissions. This
vulnerability affects Firefox < 129, Firefox ESR <
115.14, Firefox ESR < 128.1, Thunderbird < 128.1,
and Thunderbird < 115.14.
</li>
<li>
CVE-2024-7525: It was possible for a web extension with
minimal permissions to create a `StreamFilter` which could
be used to read and modify the response body of requests
on any site. This vulnerability affects Firefox < 129,
Firefox ESR < 115.14, Firefox ESR < 128.1,
Thunderbird < 128.1, and Thunderbird < 115.14.
</li>
<li>
CVE-2024-7522: Editor code failed to check an attribute
value. This could have led to an out-of-bounds read. This
vulnerability affects Firefox < 129, Firefox ESR <
115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and
Thunderbird < 115.14.
</li>
<li>
CVE-2024-7520: A type confusion bug in WebAssembly could
be leveraged by an attacker to potentially achieve code
execution. This vulnerability affects Firefox < 129,
Firefox ESR < 128.1, and Thunderbird < 128.1.
</li>
<li>
CVE-2024-7521: Incomplete WebAssembly exception handing
could have led to a use-after-free. This vulnerability
affects Firefox < 129, Firefox ESR < 115.14,
Firefox ESR < 128.1, Thunderbird < 128.1, and
Thunderbird < 115.14.
</li>
<li>
CVE-2024-7530: Incorrect garbage collection interaction
could have led to a use-after-free. This vulnerability
affects Firefox < 129.
</li>
<li>
CVE-2024-7528: Incorrect garbage collection interaction in
IndexedDB could have led to a use-after-free. This
vulnerability affects Firefox < 129,
Firefox ESR < 128.1, and Thunderbird < 128.1.
</li>
<li>
CVE-2024-7527: Unexpected marking work at the start of
sweeping could have led to a use-after-free. This
vulnerability affects Firefox < 129,
Firefox ESR < 115.14, Firefox ESR < 128.1,
Thunderbird < 128.1, and Thunderbird < 115.14.
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7531</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7531</url>
<cvename>CVE-2024-7529</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7529</url>
<cvename>CVE-2024-7525</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7525</url>
<cvename>CVE-2024-7522</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7522</url>
<cvename>CVE-2024-7520</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7520</url>
<cvename>CVE-2024-7521</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7521</url>
<cvename>CVE-2024-7530</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7530</url>
<cvename>CVE-2024-7528</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7528</url>
<cvename>CVE-2024-7527</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-7527</url>
</references>
<dates>
<discovery>2024-08-06</discovery>
<entry>2024-08-13</entry>
</dates>
</vuln>
<vuln vid="587ed8ac-5957-11ef-854a-001e676bf734">
<topic>OpenHAB CometVisu addon -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>openhab-addons</name>
<range><lt>4.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenHAB reports:</p>
<blockquote cite="https://github.com/openhab/openhab-distro/releases/tag/4.2.1">
<p>This patch release addresses the following security advisories:</p>
<ul>
<li>SSRF/XSS (CometVisu) - <a href="https://github.com/openhab/openhab-webui/security/advisories/GHSA-v7gr-mqpj-wwh3">GHSA-v7gr-mqpj-wwh3</a></li>
<li>Sensitive information disclosure (CometVisu) - <a href="https://github.com/openhab/openhab-webui/security/advisories/GHSA-3g4c-hjhr-73rj">GHSA-3g4c-hjhr-73rj</a></li>
<li>RCE through path traversal (CometVisu) - <a href="https://github.com/openhab/openhab-webui/sec
urity/advisories/GHSA-f729-58x4-gqgf">GHSA-f729-58x4-gqgf</a></li>
<li>Path traversal (CometVisu) - <a href="https://github.com/openhab/openhab-webui/security/advisories/GHSA-pcwp-26pw-j98w">GHSA-pcwp-26pw-j98w</a></li>
</ul>
<p>
All of these are related to the CometVisu add-on for openHAB - if you are a user of CometVisu, we strongly recommend to upgrade your system to openHAB 4.2.1 in order to fix those vulnerabilities.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/openhab/openhab-distro/releases/tag/4.2.1</url>
<url>https://github.com/openhab/openhab-webui/security/advisories/GHSA-v7gr-mqpj-wwh3</url>
<url>https://github.com/openhab/openhab-webui/security/advisories/GHSA-3g4c-hjhr-73rj</url>
<url>https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf</url>
<url>https://github.com/openhab/openhab-webui/security/advisories/GHSA-pcwp-26pw-j98w</url>
</references>
<dates>
<discovery>2024-08-09</discovery>
<entry>2024-08-09</entry>
</dates>
</vuln>
<vuln vid="d2723b0f-58d9-11ef-b611-84a93843eb75">
<topic>Vaultwarden -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>vaultwarden</name>
<range><lt>1.32.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SO-AND-SO reports:</p>
<blockquote cite="https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0">
<p>This release has several CVE Reports fixed and we recommend
everybody to update to the latest version as soon as possible.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-39924</cvename>
<cvename>CVE-2024-39925</cvename>
<cvename>CVE-2024-39926</cvename>
<url>https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0</url>
</references>
<dates>
<discovery>2024-08-11</discovery>
<entry>2024-08-12</entry>
</dates>
</vuln>
<vuln vid="7d631146-5769-11ef-b618-1c697a616631">
<topic>AMD CPUs -- Guest Memory Vulnerabilities</topic>
<affects>
<package>
<name>cpu-microcode-amd</name>
<range><lt>20240810</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>AMD reports:</p>
<blockquote cite="https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html">
<p>
Researchers from IOActive have reported that it may be possible for
an attacker with ring 0 access to modify the configuration of System
Management Mode (SMM) even when SMM Lock is enabled. Improper
validation in a model specific register (MSR) could allow a malicious
program with ring0 access to modify SMM configuration while SMI lock
is enabled, potentially leading to arbitrary code execution.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-31315</cvename>
<url>https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html</url>
</references>
<dates>
<discovery>2024-08-09</discovery>
<entry>2024-08-10</entry>
</dates>
</vuln>
<vuln vid="5776cc4f-5717-11ef-b611-84a93843eb75">
<topic>Roundcube -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>roundcube</name>
<range><lt>1.6.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Roundcube project reports:</p>
<blockquote cite="https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8">
<p>XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]</p>
<p>XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]</p>
<p>information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-42009</cvename>
<cvename>CVE-2024-42008</cvename>
<cvename>CVE-2024-42010</cvename>
<url>https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8</url>
</references>
<dates>
<discovery>2024-08-04</discovery>
<entry>2024-08-10</entry>
</dates>
</vuln>
<vuln vid="aa1c7af9-570e-11ef-a43e-b42e991fc52e">
<topic>mozilla firefox -- protocol information guessing</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>127.0,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@mozilla.org reports:</p>
<blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1883693">
<p>By monitoring the time certain operations take, an attacker could
have guessed which external protocol handlers were functional on a
user's system. This vulnerability affects Firefox < 127,
Firefox ESR < 115.12, and Thunderbird < 115.12.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5690</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-5690</url>
</references>
<dates>
<discovery>2024-06-11</discovery>
<entry>2024-08-10</entry>
</dates>
</vuln>
<vuln vid="8c342a6c-563f-11ef-a77e-901b0e9408dc">
<topic>soft-serve -- Remote code execution vulnerability</topic>
<affects>
<package>
<name>soft-serve</name>
<range><lt>0.7.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>soft-serve team reports:</p>
<blockquote cite="https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f">
<p>Arbitrary code execution by crafting git ssh requests</p>
<p>It is possible for a user who can commit files to a
repository hosted by Soft Serve to execute arbitrary code
via environment manipulation and Git.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-41956</cvename>
<url>https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-m445-w3xr-vp2f</url>
</references>
<dates>
<discovery>2024-08-01</discovery>
<entry>2024-08-09</entry>
</dates>
</vuln>
<vuln vid="48e6d514-5568-11ef-af48-6cc21735f730">
<topic>PostgreSQL -- Prevent unauthorized code execution during pg_dump</topic>
<affects>
<package>
<name>postgresql12-client</name>
<range><lt>12.20</lt></range>
</package>
<package>
<name>postgresql13-client</name>
<range><lt>13.16</lt></range>
</package>
<package>
<name>postgresql14-client</name>
<range><lt>14.13</lt></range>
</package>
<package>
<name>postgresql15-client</name>
<range><lt>15.8</lt></range>
</package>
<package>
<name>postgresql16-client</name>
<range><lt>16.4</lt></range>
</package>
<package>
<name>postgresql12-server</name>
<range><lt>12.20</lt></range>
</package>
<package>
<name>postgresql13-server</name>
<range><lt>13.16</lt></range>
</package>
<package>
<name>postgresql14-server</name>
<range><lt>14.13</lt></range>
</package>
<package>
<name>postgresql15-server</name>
<range><lt>15.8</lt></range>
</package>
<package>
<name>postgresql16-server</name>
<range><lt>16.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PostgreSQL project reports:</p>
<blockquote cite="https://www.postgresql.org/support/security/CVE-2024-7348/">
<p>
An attacker able to create and drop non-temporary objects could
inject SQL code that would be executed by a concurrent pg_dump
session with the privileges of the role running pg_dump
(which is often a superuser). The attack involves replacing a
sequence or similar object with a view or foreign table that will
execute malicious code. To prevent this, introduce a new server
parameter restrict_nonsystem_relation_kind that can disable
expansion of non-builtin views as well as access to foreign
tables, and teach pg_dump to set it when available. Note that the
attack is prevented only if both pg_dump and the server it is
dumping from are new enough to have this fix.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7348</cvename>
<url>https://www.postgresql.org/support/security/CVE-2024-7348/</url>
</references>
<dates>
<discovery>2024-08-08</discovery>
<entry>2024-08-08</entry>
</dates>
</vuln>
<vuln vid="db8fa362-0ccb-4aa8-9220-72b7763e9a4a">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.471</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.462.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2024-08-07/">
<h1>Description</h1>
<h5>(Critical) SECURITY-3430 / CVE-2024-43044</h5>
<p>Arbitrary file read vulnerability through agent connections can lead to RCE</p>
<h1>Description</h1>
<h5>(Medium) SECURITY-3349 / CVE-2024-43045</h5>
<p>Missing permission check allows accessing other users' "My Views"</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-43044</cvename>
<cvename>CVE-2024-43045</cvename>
<url>https://www.jenkins.io/security/advisory/2024-08-07/</url>
</references>
<dates>
<discovery>2024-08-07</discovery>
<entry>2024-08-07</entry>
</dates>
</vuln>
<vuln vid="729008b9-54bf-11ef-a61b-2cf05da270f3">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.2.0</ge><lt>17.2.2</lt></range>
<range><ge>17.1.0</ge><lt>17.1.4</lt></range>
<range><ge>12.0.0</ge><lt>17.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/">
<p>Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access</p>
<p>Cross project access of Security policy bot</p>
<p>Advanced search ReDOS in highlight for code results</p>
<p>Denial of Service via banzai pipeline</p>
<p>Denial of service using adoc files</p>
<p>ReDoS in RefMatcher when matching branch names using wildcards</p>
<p>Path encoding can cause the Web interface to not render diffs correctly</p>
<p>XSS while viewing raw XHTML files through API</p>
<p>Ambiguous tag name exploitation</p>
<p>Logs disclosings potentially sensitive data in query params</p>
<p>Password bypass on approvals using policy projects</p>
<p>ReDoS when parsing git push</p>
<p>Webhook deletion audit log can preserve auth credentials</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3035</cvename>
<cvename>CVE-2024-6356</cvename>
<cvename>CVE-2024-5423</cvename>
<cvename>CVE-2024-4210</cvename>
<cvename>CVE-2024-2800</cvename>
<cvename>CVE-2024-6329</cvename>
<cvename>CVE-2024-4207</cvename>
<cvename>CVE-2024-3958</cvename>
<cvename>CVE-2024-4784</cvename>
<cvename>CVE-2024-3114</cvename>
<cvename>CVE-2024-7586</cvename>
<url>https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/</url>
</references>
<dates>
<discovery>2024-08-07</discovery>
<entry>2024-08-07</entry>
</dates>
</vuln>
<vuln vid="94d441d2-5497-11ef-9d2f-080027836e8b">
<topic>Django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py39-django42</name>
<name>py310-django42</name>
<name>py311-django42</name>
<range><lt>4.2.15</lt></range>
</package>
<package>
<name>py310-django50</name>
<name>py311-django50</name>
<range><lt>5.0.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2024/aug/06/security-releases/">
<p>CVE-2024-41989: Memory exhaustion in django.utils.numberformat.floatformat().</p>
<p>CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize().</p>
<p>CVE-2024-41991: Potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget.</p>
<p>CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list().</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-41989</cvename>
<cvename>CVE-2024-41990</cvename>
<cvename>CVE-2024-41991</cvename>
<cvename>CVE-2024-42005</cvename>
<url>https://www.djangoproject.com/weblog/2024/aug/06/security-releases/</url>
</references>
<dates>
<discovery>2024-08-01</discovery>
<entry>2024-08-07</entry>
</dates>
</vuln>
<vuln vid="05cd9f82-5426-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>127.0.6533.99</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>127.0.6533.99</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html">
<p>This update includes 5 security fixes:</p>
<ul>
<li>[350528343] Critical CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz on 2024-07-02</li>
<li>[353552540] High CVE-2024-7533: Use after free in Sharing. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-07-17</li>
<li>[355256380] High CVE-2024-7550: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-07-25</li>
<li>[352467338] High CVE-2024-7534: Heap buffer overflow in Layout. Reported by Tashita Software Security on 2024-07-11</li>
<li>[352690885] High CVE-2024-7535: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-07-12</li>
<li>[354847246] High CVE-2024-7536: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-07-23</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-7532</cvename>
<cvename>CVE-2024-7550</cvename>
<cvename>CVE-2024-7534</cvename>
<cvename>CVE-2024-7535</cvename>
<cvename>CVE-2024-7536</cvename>
<url>https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-08-06</discovery>
<entry>2024-08-06</entry>
</dates>
</vuln>
<vuln vid="15d398ea-4f73-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>127.0.6533.88</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>127.0.6533.88</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[353034820] Critical CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert on 2024-07-15</li>
<li>[352872238] High CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter on 2024-07-13</li>
<li>[354748060] High CVE-2024-7256: Insufficient data validation in Dawn. Reported by gelatin dessert on 2024-07-23</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6990</cvename>
<cvename>CVE-2024-7255</cvename>
<cvename>CVE-2024-7256</cvename>
<url>https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html</url>
</references>
<dates>
<discovery>2024-07-30</discovery>
<entry>2024-07-31</entry>
</dates>
</vuln>
<vuln vid="fb0b5574-4e64-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>127.0.6533.72</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>127.0.6533.72</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html">
<p>This update includes 22 security fixes:</p>
<ul>
<li>[349198731] High CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25</li>
<li>[349342289] High CVE-2024-6989: Use after free in Loader. Reported by Anonymous on 2024-06-25</li>
<li>[346618785] High CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz on 2024-06-12</li>
<li>[339686368] Medium CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2024-05-10</li>
<li>[343938078] Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Reported by Alesandro Ortiz on 2024-06-01</li>
<li>[333708039] Medium CVE-2024-6996: Race in Frames. Reported by Louis Jannett (Ruhr University Bochum) on 2024-04-10</li>
<li>[325293263] Medium CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys) on 2024-02-15</li>
<li>[340098902] Medium CVE-2024-6998: Use after free in User Education. Reported by Sven Dysthe (@svn-dys) on 2024-05-13</li>
<li>[340893685] Medium CVE-2024-6999: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-15</li>
<li>[339877158] Medium CVE-2024-7000: Use after free in CSS. Reported by Anonymous on 2024-05-11</li>
<li>[347509736] Medium CVE-2024-7001: Inappropriate implementation in HTML. Reported by Jake Archibald on 2024-06-17</li>
<li>[338233148] Low CVE-2024-7003: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-01</li>
<li>[40063014] Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous on 2023-02-10</li>
<li>[40068800] Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq on 2023-08-04</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6988</cvename>
<cvename>CVE-2024-6989</cvename>
<cvename>CVE-2024-6991</cvename>
<cvename>CVE-2024-6994</cvename>
<cvename>CVE-2024-6995</cvename>
<cvename>CVE-2024-6996</cvename>
<cvename>CVE-2024-6997</cvename>
<cvename>CVE-2024-6998</cvename>
<cvename>CVE-2024-6999</cvename>
<cvename>CVE-2024-7000</cvename>
<cvename>CVE-2024-7001</cvename>
<cvename>CVE-2024-7003</cvename>
<cvename>CVE-2024-7004</cvename>
<cvename>CVE-2024-7005</cvename>
<url>https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html</url>
</references>
<dates>
<discovery>2024-07-23</discovery>
<entry>2024-07-30</entry>
</dates>
</vuln>
<vuln vid="8057d198-4d26-11ef-8e64-641c67a117d8">
<topic>znc -- remote code execution vulnerability</topic>
<affects>
<package>
<name>znc</name>
<range><lt>1.9.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mitre reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39844">
<p>In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-39844</cvename>
<url>https://wiki.znc.in/ChangeLog/1.9.1</url>
<url>https://www.openwall.com/lists/oss-security/2024/07/03/9</url>
</references>
<dates>
<discovery>2024-07-03</discovery>
<entry>2024-07-28</entry>
</dates>
</vuln>
<vuln vid="3e917407-4b3f-11ef-8e49-001999f8d30b">
<topic>Mailpit -- Content Security Policy XSS</topic>
<affects>
<package>
<name>mailpit</name>
<range><lt>1.19.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mailpit developer reports:</p>
<blockquote cite="https://github.com/axllent/mailpit/releases/tag/v1.19.3">
<p>A vulnerability was discovered which allowed a bad
actor with SMTP access to Mailpit to bypass the Content
Security Policy headers using a series of crafted HTML
messages which could result in a stored XSS attack via
the web UI.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/axllent/mailpit/releases/tag/v1.19.3</url>
</references>
<dates>
<discovery>2024-07-26</discovery>
<entry>2024-07-26</entry>
</dates>
</vuln>
<vuln vid="24c88add-4a3e-11ef-86d7-001b217b3468">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.2.0</ge><lt>17.2.1</lt></range>
<range><ge>17.1.0</ge><lt>17.1.3</lt></range>
<range><ge>12.0.0</ge><lt>17.0.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/">
<p>XSS via the Maven Dependency Proxy</p>
<p>Project level analytics settings leaked in DOM</p>
<p>Reports can access and download job artifacts despite use of settings to prevent it</p>
<p>Direct Transfer - Authorised project/group exports are accessible to other users</p>
<p>Bypassing tag check and branch check through imports</p>
<p>Project Import/Export - Make project/group export files hidden to everyone except user who initiated it</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5067</cvename>
<cvename>CVE-2024-7057</cvename>
<cvename>CVE-2024-0231</cvename>
<url>https://about.gitlab.com/releases/2024/07/24/patch-release-gitlab-17-2-1-released/</url>
</references>
<dates>
<discovery>2024-07-24</discovery>
<entry>2024-07-25</entry>
</dates>
</vuln>
<vuln vid="574028b4-a181-455b-a78b-ec5c62781235">
<topic>electron29 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron29</name>
<range><lt>29.4.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v29.4.5">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-6291.</li>
<li>Security: backported fix for CVE-2024-6293.</li>
<li>Security: backported fix for CVE-2024-6290.</li>
<li>Security: backported fix for CVE-2024-6292.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6291</cvename>
<url>https://github.com/advisories/GHSA-rpvg-h6p6-42qj</url>
<cvename>CVE-2024-6293</cvename>
<url>https://github.com/advisories/GHSA-9f8f-453p-rg87</url>
<cvename>CVE-2024-6290</cvename>
<url>https://github.com/advisories/GHSA-r5mh-qgc2-26p2</url>
<cvename>CVE-2024-6292</cvename>
<url>https://github.com/advisories/GHSA-m848-8f5r-6j4g</url>
</references>
<dates>
<discovery>2024-07-17</discovery>
<entry>2024-07-19</entry>
</dates>
</vuln>
<vuln vid="088b8b7d-446c-11ef-b611-84a93843eb75">
<topic>Apache httpd -- Source code disclosure with handlers configured via AddType</topic>
<affects>
<package>
<name>apache24</name>
<range><ge>2.4.60</ge><lt>2.4.62</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache httpd project reports:</p>
<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
<p>source code disclosure with handlers configured via AddType
(CVE-2024-40725) (Important): A partial fix for CVE-2024-39884
in the core of Apache HTTP Server 2.4.61 ignores some use of the
legacy content-type based configuration of handlers. "AddType"
and similar configuration, under some circumstances where files
are requested indirectly, result in source code disclosure of
local content. For example, PHP scripts may be served instead
of interpreted.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-40725</cvename>
<url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
</references>
<dates>
<discovery>2024-07-17</discovery>
<entry>2024-07-17</entry>
</dates>
</vuln>
<vuln vid="3b018063-4358-11ef-b611-84a93843eb75">
<topic>MySQL -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>mysql80-client</name>
<range><lt>8.0.38</lt></range>
</package>
<package>
<name>mysql80-server</name>
<range><lt>8.0.38</lt></range>
</package>
<package>
<name>mysql81-client</name>
<range><lt>8.1.1</lt></range>
</package>
<package>
<name>mysql81-server</name>
<range><lt>8.1.1</lt></range>
</package>
<package>
<name>mysql84-client</name>
<range><lt>8.4.1</lt></range>
</package>
<package>
<name>mysql84-server</name>
<range><lt>8.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Oracle reports:</p>
<blockquote cite="https://www.oracle.com/security-alerts/cpujul2024.html#MySQL">
<p>36 new security patches for Oracle MySQL. 11 of these vulnerabilities
may be remotely exploitable without authentication, i.e., may be
exploited over a network without requiring user credentials.
The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
MySQL is 9.8.</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.oracle.com/security-alerts/cpujul2024.html#MySQL</url>
</references>
<dates>
<discovery>2024-07-16</discovery>
<entry>2024-07-16</entry>
</dates>
</vuln>
<vuln vid="6091d1d8-4347-11ef-a4d4-080027957747">
<topic>GLPI -- multiple vulnerabilities</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.16,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GLPI team reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.16">
<p>GLPI 10.0.16 Changelog</p>
<ul>
<li>[SECURITY - high] Account takeover via SQL Injection in AJAX scripts (CVE-2024-37148)</li>
<li>[SECURITY - high] Remote code execution through the plugin loader (CVE-2024-37149)</li>
<li>[SECURITY - moderate] Authenticated file upload to restricted tickets (CVE-2024-37147)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-37148</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37148</url>
<cvename>CVE-2024-37149</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37149</url>
<cvename>CVE-2024-37147</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37147</url>
<url>https://github.com/glpi-project/glpi/releases/tag/10.0.16</url>
</references>
<dates>
<discovery>2024-06-03</discovery>
<entry>2024-07-16</entry>
</dates>
</vuln>
<vuln vid="6410f91d-1214-4f92-b7e0-852e39e265f9">
<topic>electron30 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron30</name>
<range><lt>30.2.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v30.2.0">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-5493.</li>
<li>Security: backported fix for CVE-2024-5831.</li>
<li>Security: backported fix for CVE-2024-5832.</li>
<li>Security: backported fix for CVE-2024-6100.</li>
<li>Security: backported fix for CVE-2024-6101.</li>
<li>Security: backported fix for CVE-2024-6103.</li>
<li>Security: backported fix for CVE-2024-6291.</li>
<li>Security: backported fix for CVE-2024-6293.</li>
<li>Security: backported fix for CVE-2024-6290.</li>
<li>Security: backported fix for CVE-2024-6292.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5493</cvename>
<url>https://github.com/advisories/GHSA-f6rr-qfxh-hcf9</url>
<cvename>CVE-2024-5831</cvename>
<url>https://github.com/advisories/GHSA-9pmm-wf44-xjqc</url>
<cvename>CVE-2024-5832</cvename>
<url>https://github.com/advisories/GHSA-rw9q-cwc5-qqp5</url>
<cvename>CVE-2024-6100</cvename>
<url>https://github.com/advisories/GHSA-g779-vpj7-v6c4</url>
<cvename>CVE-2024-6101</cvename>
<url>https://github.com/advisories/GHSA-rg42-f9ww-x3w7</url>
<cvename>CVE-2024-6103</cvename>
<url>https://github.com/advisories/GHSA-ph5m-227m-fc5g</url>
<cvename>CVE-2024-6291</cvename>
<url>https://github.com/advisories/GHSA-rpvg-h6p6-42qj</url>
<cvename>CVE-2024-6293</cvename>
<url>https://github.com/advisories/GHSA-9f8f-453p-rg87</url>
<cvename>CVE-2024-6290</cvename>
<url>https://github.com/advisories/GHSA-r5mh-qgc2-26p2</url>
<cvename>CVE-2024-6292</cvename>
<url>https://github.com/advisories/GHSA-m848-8f5r-6j4g</url>
</references>
<dates>
<discovery>2024-07-10</discovery>
<entry>2024-07-13</entry>
</dates>
</vuln>
<vuln vid="55d4a92f-c75f-43e8-ab1f-4a0efc9795c4">
<topic>electron29 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron29</name>
<range><lt>29.4.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v29.4.4">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-6291.</li>
<li>Security: backported fix for CVE-2024-6293.</li>
<li>Security: backported fix for CVE-2024-6290.</li>
<li>Security: backported fix for CVE-2024-6292.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6291</cvename>
<url>https://github.com/advisories/GHSA-rpvg-h6p6-42qj</url>
<cvename>CVE-2024-6293</cvename>
<url>https://github.com/advisories/GHSA-9f8f-453p-rg87</url>
<cvename>CVE-2024-6290</cvename>
<url>https://github.com/advisories/GHSA-r5mh-qgc2-26p2</url>
<cvename>CVE-2024-6292</cvename>
<url>https://github.com/advisories/GHSA-m848-8f5r-6j4g</url>
</references>
<dates>
<discovery>2024-07-11</discovery>
<entry>2024-07-13</entry>
</dates>
</vuln>
<vuln vid="acb4eab6-3f6d-11ef-8657-001b217b3468">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.1.0</ge><lt>17.1.2</lt></range>
<range><ge>17.0.0</ge><lt>17.0.4</lt></range>
<range><ge>11.8.0</ge><lt>16.11.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/">
<p>An attacker can run pipeline jobs as an arbitrary user</p>
<p>Developer user with admin_compliance_framework permission can change group URL</p>
<p>Admin push rules custom role allows creation of project level deploy token</p>
<p>Package registry vulnerable to manifest confusion</p>
<p>User with admin_group_member permission can ban group members</p>
<p>Subdomain takeover in GitLab Pages</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6385</cvename>
<cvename>CVE-2024-5257</cvename>
<cvename>CVE-2024-5470</cvename>
<cvename>CVE-2024-6595</cvename>
<cvename>CVE-2024-2880</cvename>
<cvename>CVE-2024-5528</cvename>
<url>https://about.gitlab.com/releases/2024/07/10/patch-release-gitlab-17-1-2-released/</url>
</references>
<dates>
<discovery>2024-07-10</discovery>
<entry>2024-07-11</entry>
</dates>
</vuln>
<vuln vid="171afa61-3eba-11ef-a58f-080027836e8b">
<topic>Django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py39-django42</name>
<name>py310-django42</name>
<name>py311-django42</name>
<range><lt>4.2.14</lt></range>
</package>
<package>
<name>py310-django50</name>
<name>py311-django50</name>
<range><lt>5.0.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2024/jul/09/security-releases/">
<p>CVE-2024-38875: Potential denial-of-service in django.utils.html.urlize().</p>
<p>CVE-2024-39329: Username enumeration through timing difference for users with unusable passwords.</p>
<p>CVE-2024-39330: Potential directory-traversal in django.core.files.storage.Storage.save().</p>
<p>CVE-2024-39614: Potential denial-of-service in django.utils.translation.get_supported_language_variant().</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-38875</cvename>
<cvename>CVE-2024-39329</cvename>
<cvename>CVE-2024-39330</cvename>
<cvename>CVE-2024-39614</cvename>
<url>https://www.djangoproject.com/weblog/2024/jul/09/security-releases/</url>
</references>
<dates>
<discovery>2024-07-01</discovery>
<entry>2024-07-10</entry>
</dates>
</vuln>
<vuln vid="767dfb2d-3c9e-11ef-a829-5404a68ad561">
<topic>traefik -- Bypassing IP allow-lists via HTTP/3 early data requests</topic>
<affects>
<package>
<name>traefik</name>
<range><lt>2.11.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The traefik authors report:</p>
<blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9">
<p>There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early
data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-39321</cvename>
<url>https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9</url>
</references>
<dates>
<discovery>2024-07-02</discovery>
<entry>2024-07-07</entry>
</dates>
</vuln>
<vuln vid="5d921a8c-3a43-11ef-b611-84a93843eb75">
<topic>Apache httpd -- source code disclosure</topic>
<affects>
<package>
<name>apache24</name>
<range><ge>2.4.60</ge><lt>2.4.61</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache httpd project reports:</p>
<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
<p>isource code disclosure with handlers configured via AddType
(CVE-2024-39884) (Important). A regression in the core of Apache HTTP
Server 2.4.60 ignores some use of the legacy content-type based
configuration of handlers. "AddType" and similar configuration,
under some circumstances where files are requested indirectly, result
in source code disclosure of local content. For example, PHP scripts
may be served instead of interpreted.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-39884</cvename>
<url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
</references>
<dates>
<discovery>2024-07-04</discovery>
<entry>2024-07-04</entry>
</dates>
</vuln>
<vuln vid="51498ee4-39a1-11ef-b609-002590c1f29c">
<topic>Request Tracker -- information exposure vulnerability</topic>
<affects>
<package>
<name>rt50</name>
<range><lt>5.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Request Tracker reports:</p>
<p>CVE-2024-3262 describes previously viewed pages being stored in the
browser cache, which is the typical default behavior of most browsers to
enable the "back" button. Someone who gains access to a host computer could
potentially view ticket data using the back button, even after logging out
of RT. The CVE specifically references RT version 4.4.1, but this behavior
is present in most browsers viewing all versions of RT before 5.0.6.</p>
</body>
</description>
<references>
<cvename>CVE-2024-3262</cvename>
<url>https://github.com/advisories/GHSA-6426-p644-ffcf</url>
</references>
<dates>
<discovery>2024-04-04</discovery>
<entry>2024-07-04</entry>
</dates>
</vuln>
<vuln vid="b0374722-3912-11ef-a77e-901b0e9408dc">
<topic>go -- net/http: denial of service due to improper 100-continue handling</topic>
<affects>
<package>
<name>go122</name>
<range><lt>1.22.5</lt></range>
</package>
<package>
<name>go121</name>
<range><lt>1.21.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://go.dev/issue/67555">
<p>net/http: denial of service due to improper 100-continue handling</p>
<p>The net/http HTTP/1.1 client mishandled the case where a
server responds to a request with an "Expect: 100-continue"
header with a non-informational (200 or higher) status. This
mishandling could leave a client connection in an invalid
state, where the next request sent on the connection will
fail.</p>
<p>An attacker sending a request to a
net/http/httputil.ReverseProxy proxy can exploit this
mishandling to cause a denial of service by sending "Expect:
100-continue" requests which elicit a non-informational
response from the backend. Each such request leaves the
proxy with an invalid connection, and causes one subsequent
request using that connection to fail.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24791</cvename>
<url>https://go.dev/issue/67555</url>
</references>
<dates>
<discovery>2024-07-02</discovery>
<entry>2024-07-03</entry>
</dates>
</vuln>
<vuln vid="d7efc2ad-37af-11ef-b611-84a93843eb75">
<topic>Apache httpd -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>apache24</name>
<range><lt>2.4.60</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache httpd project reports:</p>
<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
<p>DoS by Null pointer in websocket over HTTP/2 (CVE-2024-36387) (Low).
Serving WebSocket protocol upgrades over a HTTP/2 connection could
result in a Null Pointer dereference, leading to a crash of the server
process, degrading performance.</p>
<p>Proxy encoding problem (CVE-2024-38473) (Moderate).
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier
allows request URLs with incorrect encoding to be sent to backend
services, potentially bypassing authentication via crafted requests.</p>
<p>Weakness with encoded question marks in backreferences
(CVE-2024-38474) (Important). Substitution encoding issue in
mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker
to execute scripts in directories permitted by the configuration but
not directly reachable by any URL or source disclosure of scripts
meant to only to be executed as CGI.</p>
<p>Weakness in mod_rewrite when first segment of substitution matches
filesystem path (CVE-2024-38475) (Important). Improper escaping of
output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows
an attacker to map URLs to filesystem locations that are permitted to
be served by the server but are not intentionally/directly reachable
by any URL, resulting in code execution or source code disclosure.
Substitutions in server context that use a backreferences or variables
as the first segment of the substitution are affected. Some unsafe
RewiteRules will be broken by this change and the rewrite flag
"UnsafePrefixStat" can be used to opt back in once ensuring the
substitution is appropriately constrained.</p>
<p>may use exploitable/malicious backend application output to run local
handlers via internal redirect (CVE-2024-38476) (Important).
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are
vulnerable to information disclosure, SSRF or local script execution
via backend applications whose response headers are malicious or
exploitable.</p>
<p>Crash resulting in Denial of Service in mod_proxy via a malicious
request (CVE-2024-38477) (Important). Null pointer dereference in
mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker
to crash the server via a malicious request.</p>
<p>mod_rewrite proxy handler substitution (CVE-2024-39573) (Moderate).
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier
allows an attacker to cause unsafe RewriteRules to unexpectedly setup
URL's to be handled by mod_proxy.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-36387</cvename>
<cvename>CVE-2024-38473</cvename>
<cvename>CVE-2024-38474</cvename>
<cvename>CVE-2024-38475</cvename>
<cvename>CVE-2024-38476</cvename>
<cvename>CVE-2024-38477</cvename>
<cvename>CVE-2024-39573</cvename>
<url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
</references>
<dates>
<discovery>2024-07-01</discovery>
<entry>2024-07-01</entry>
</dates>
</vuln>
<vuln vid="f1a00122-3797-11ef-b611-84a93843eb75">
<topic>OpenSSH -- Race condition resulting in potential remote code execution</topic>
<affects>
<package>
<name>openssh-portable</name>
<range><lt>9.7.p1_2,1</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>14.1</ge><lt>14.1_2</lt></range>
<range><ge>14.0</ge><lt>14.0_8</lt></range>
<range><ge>13.3</ge><lt>13.3_4</lt></range>
<range><ge>13.2</ge><lt>13.2_12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSH project reports:</p>
<blockquote cite="https://www.openssh.com/security.html">
<p>A race condition in sshd(8) could allow remote code execution as root on non-OpenBSD systems.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6387</cvename>
<url>https://www.openssh.com/security.html</url>
<freebsdsa>SA-24:04.openssh</freebsdsa>
</references>
<dates>
<discovery>2024-07-01</discovery>
<entry>2024-07-01</entry>
<modified>2024-09-20</modified>
</dates>
</vuln>
<vuln vid="c742dbe8-3704-11ef-9e6e-b42e991fc52e">
<topic>netatalk3 -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>netatalk3</name>
<range><lt>3.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/afpd/directory.c#L2333">
<p>This entry documents the following three vulnerabilities:</p>
<ul>
<li>Netatalk before 3.2.1 has an off-by-one error and resultant heap-based
buffer overflow because of setting ibuf[len] to '\0' in
FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19
are also fixed versions.</li>
<li>Netatalk before 3.2.1 has an off-by-one error, and resultant
heap-based buffer overflow and segmentation violation, because of
incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c.
The original issue 1097 report stated: 'The latest version of
Netatalk (v3.2.0) contains a security vulnerability. This vulnerability
arises due to a lack of validation for the length field after parsing
user-provided data, leading to an out-of-bounds heap write of one
byte (\0). Under specific configurations, this can result in reading
metadata of the next heap block, potentially causing a Denial of
Service (DoS) under certain heap layouts or with ASAN enabled. ...
</li>
<li>Netatalk before 3.2.1 has an off-by-one error and resultant heap-based
buffer overflow because of setting ibuf[PASSWDLEN] to '\0'
in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19
are also fixed versions.
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-38440</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-38440</url>
<cvename>CVE-2024-38441</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-38441</url>
<cvename>CVE-2024-38439</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-38439</url>
</references>
<dates>
<discovery>2024-06-16</discovery>
<entry>2024-06-30</entry>
</dates>
</vuln>
<vuln vid="0e73964d-053a-481a-bf1c-202948d68484">
<topic>electron29 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron29</name>
<range><lt>29.4.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v29.4.3">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-5499.</li>
<li>Security: backported fix for CVE-2024-5493.</li>
<li>Security: backported fix for CVE-2024-5494.</li>
<li>Security: backported fix for CVE-2024-5495.</li>
<li>Security: backported fix for CVE-2024-5496.</li>
<li>Security: backported fix for CVE-2024-5158.</li>
<li>Security: backported fix for CVE-2024-5160.</li>
<li>Security: backported fix for CVE-2024-5157.</li>
<li>Security: backported fix for CVE-2024-5159.</li>
<li>Security: backported fix for CVE-2024-5831.</li>
<li>Security: backported fix for CVE-2024-5832.</li>
<li>Security: backported fix for CVE-2024-6100.</li>
<li>Security: backported fix for CVE-2024-6101.</li>
<li>Security: backported fix for CVE-2024-6103.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5499</cvename>
<url>https://github.com/advisories/GHSA-hqfv-mf6j-g3j6</url>
<cvename>CVE-2024-5493</cvename>
<url>https://github.com/advisories/GHSA-f6rr-qfxh-hcf9</url>
<cvename>CVE-2024-5494</cvename>
<url>https://github.com/advisories/GHSA-fv2x-w8xf-gxpq</url>
<cvename>CVE-2024-5495</cvename>
<url>https://github.com/advisories/GHSA-wrxh-8wc3-33rm</url>
<cvename>CVE-2024-5496</cvename>
<url>https://github.com/advisories/GHSA-8xgv-q88p-ghq4</url>
<cvename>CVE-2024-5158</cvename>
<url>https://github.com/advisories/GHSA-4433-jwm9-48r5</url>
<cvename>CVE-2024-5160</cvename>
<url>https://github.com/advisories/GHSA-c24q-2hx9-mjpc</url>
<cvename>CVE-2024-5157</cvename>
<url>https://github.com/advisories/GHSA-w7g4-69hj-jcrq</url>
<cvename>CVE-2024-5159</cvename>
<url>https://github.com/advisories/GHSA-qmp7-vwf7-6g2g</url>
<cvename>CVE-2024-5831</cvename>
<url>https://github.com/advisories/GHSA-9pmm-wf44-xjqc</url>
<cvename>CVE-2024-5832</cvename>
<url>https://github.com/advisories/GHSA-rw9q-cwc5-qqp5</url>
<cvename>CVE-2024-6100</cvename>
<url>https://github.com/advisories/GHSA-g779-vpj7-v6c4</url>
<cvename>CVE-2024-6101</cvename>
<url>https://github.com/advisories/GHSA-rg42-f9ww-x3w7</url>
<cvename>CVE-2024-6103</cvename>
<url>https://github.com/advisories/GHSA-ph5m-227m-fc5g</url>
</references>
<dates>
<discovery>2024-06-27</discovery>
<entry>2024-06-28</entry>
</dates>
</vuln>
<vuln vid="07f0ea8c-356a-11ef-ac6d-a0423f48a938">
<topic>frr - Multiple vulnerabilities</topic>
<affects>
<package>
<name>frr9</name>
<range><lt>9.1.1</lt></range>
</package>
<package>
<name>frr8</name>
<range><lt>8.5.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://frrouting.org/release/9.1.1/">
<p>In FRRouting (FRR) through 9.1, there are multiples vulnerabilities.</p>
<ul>
<li>CVE-2024-31950: buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets</li>
<li>CVE-2024-31951: buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-31950</cvename>
<cvename>CVE-2024-31951</cvename>
<url>https://frrouting.org/release/9.1.1/</url>
</references>
<dates>
<discovery>2024-04-07</discovery>
<entry>2024-06-28</entry>
</dates>
</vuln>
<vuln vid="589de937-343f-11ef-8a7b-001b217b3468">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.1.0</ge><lt>17.1.1</lt></range>
<range><ge>17.0.0</ge><lt>17.0.3</lt></range>
<range><ge>1.0.0</ge><lt>16.11.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/">
<p>Run pipelines as any user</p>
<p>Stored XSS injected in imported project's commit notes</p>
<p>CSRF on GraphQL API IntrospectionQuery</p>
<p>Remove search results from public projects with unauthorized repos</p>
<p>Cross window forgery in user application OAuth flow</p>
<p>Project maintainers can bypass group's merge request approval policy</p>
<p>ReDoS via custom built markdown page</p>
<p>Private job artifacts can be accessed by any user</p>
<p>Security fixes for banzai pipeline</p>
<p>ReDoS in dependency linker</p>
<p>Denial of service using a crafted OpenAPI file</p>
<p>Merge request title disclosure</p>
<p>Access issues and epics without having an SSO session</p>
<p>Non project member can promote key results to objectives</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5655</cvename>
<cvename>CVE-2024-4901</cvename>
<cvename>CVE-2024-4994</cvename>
<cvename>CVE-2024-6323</cvename>
<cvename>CVE-2024-2177</cvename>
<cvename>CVE-2024-5430</cvename>
<cvename>CVE-2024-4025</cvename>
<cvename>CVE-2024-3959</cvename>
<cvename>CVE-2024-4557</cvename>
<cvename>CVE-2024-1493</cvename>
<cvename>CVE-2024-1816</cvename>
<cvename>CVE-2024-2191</cvename>
<cvename>CVE-2024-3115</cvename>
<cvename>CVE-2024-4011</cvename>
<url>https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/</url>
</references>
<dates>
<discovery>2024-06-26</discovery>
<entry>2024-06-27</entry>
</dates>
</vuln>
<vuln vid="2b68c86a-32d5-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>126.0.6478.126</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>126.0.6478.126</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html">
<p>This update includes 5 security fixes:</p>
<ul>
<li>[342428008] High CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz on 2024-05-23</li>
<li>[40942995] High CVE-2024-6291: Use after free in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-15</li>
<li>[342545100] High CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz on 2024-05-24</li>
<li>[345993680] High CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz on 2024-06-09</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6290</cvename>
<cvename>CVE-2024-6291</cvename>
<cvename>CVE-2024-6292</cvename>
<cvename>CVE-2024-6293</cvename>
<url>https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html</url>
</references>
<dates>
<discovery>2024-06-24</discovery>
<entry>2024-06-25</entry>
</dates>
</vuln>
<vuln vid="4f6c4c07-3179-11ef-9da5-1c697a616631">
<topic>emacs -- Arbitrary shell code evaluation vulnerability</topic>
<affects>
<package>
<name>emacs</name>
<name>emacs-canna</name>
<name>emacs-nox</name>
<name>emacs-wayland</name>
<range><lt>29.3_3,3</lt></range>
</package>
<package>
<name>emacs-devel</name>
<name>emacs-devel-nox</name>
<range><lt>30.0.50.20240615_1,3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GNU Emacs developers report:</p>
<blockquote cite="https://lists.gnu.org/archive/html/info-gnu-emacs/2024-06/msg00000.html">
<p>Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code.</p>
</blockquote>
</body>
</description>
<references>
<url>https://seclists.org/oss-sec/2024/q2/296</url>
</references>
<dates>
<discovery>2024-06-22</discovery>
<entry>2024-06-23</entry>
</dates>
</vuln>
<vuln vid="82830965-3073-11ef-a17d-5404a68ad561">
<topic>traefik -- Azure Identity Libraries Elevation of Privilege Vulnerability</topic>
<affects>
<package>
<name>traefik</name>
<range><lt>2.11.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The traefik authors report:</p>
<blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-rvj4-q8q5-8grf">
<p>There is a vulnerability in Azure Identity Libraries and
Microsoft Authentication Library Elevation of Privilege Vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-35255</cvename>
<url>https://github.com/traefik/traefik/security/advisories/GHSA-rvj4-q8q5-8grf</url>
</references>
<dates>
<discovery>2024-06-11</discovery>
<entry>2024-06-22</entry>
</dates>
</vuln>
<vuln vid="aa2b65e4-2f63-11ef-9cab-4ccc6adda413">
<topic>qt5-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt5-webengine</name>
<range><lt>5.15.17.p2_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based">
<p>Backports for 5 security bugs in Chromium:</p>
<ul>
<li>CVE-2024-3837: Use after free in QUIC</li>
<li>CVE-2024-3839: Out of bounds read in Fonts</li>
<li>CVE-2024-3914: Use after free in V8</li>
<li>CVE-2024-4058: Type confusion in ANGLE</li>
<li>CVE-2024-4558: Use after free in ANGLE</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3837</cvename>
<cvename>CVE-2024-3839</cvename>
<cvename>CVE-2024-3914</cvename>
<cvename>CVE-2024-4058</cvename>
<cvename>CVE-2024-4558</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based</url>
</references>
<dates>
<discovery>2024-05-31</discovery>
<entry>2024-06-20</entry>
</dates>
</vuln>
<vuln vid="c5415838-2f52-11ef-9cab-4ccc6adda413">
<topic>qt6-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt6-webengine</name>
<range><lt>6.7.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qt qtwebengine-chromium repo reports:</p>
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based">
<p>Backports for 7 security bugs in Chromium:</p>
<ul>
<li>CVE-2024-4948: Use after free in Dawn</li>
<li>CVE-2024-5274: Type Confusion in V8</li>
<li>CVE-2024-5493: Heap buffer overflow in WebRTC</li>
<li>CVE-2024-5494: Use after free in Dawn</li>
<li>CVE-2024-5495: Use after free in Dawn</li>
<li>CVE-2024-5496: Use after free in Media Session</li>
<li>CVE-2024-5499: Out of bounds write in Streams API</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4948</cvename>
<cvename>CVE-2024-5274</cvename>
<cvename>CVE-2024-5493</cvename>
<cvename>CVE-2024-5494</cvename>
<cvename>CVE-2024-5495</cvename>
<cvename>CVE-2024-5496</cvename>
<cvename>CVE-2024-5499</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based</url>
</references>
<dates>
<discovery>2024-05-31</discovery>
<entry>2024-06-20</entry>
</dates>
</vuln>
<vuln vid="142c538e-b18f-40a1-afac-c479effadd5c">
<topic>openvpn -- two security fixes</topic>
<affects>
<package>
<name>openvpn</name>
<range><lt>2.6.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gert Doering reports that OpenVPN 2.6.11 fixes two security bugs (three on Windows):</p>
<blockquote cite="https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst#security-fixes">
<p>CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. (Reynir Björnsson)</p>
<p>CVE-2024-28882: only call schedule_exit() once (on a given peer). Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client. (Reynir Björnsson)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5594</cvename>
<cvename>CVE-2024-28882</cvename>
<url>https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst#security-fixes</url>
</references>
<dates>
<discovery>2024-05-16</discovery>
<entry>2024-06-20</entry>
</dates>
</vuln>
<vuln vid="007e7e77-2f06-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>126.0.6478.114</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>126.0.6478.114</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html">
<p>This update includes 6 security fixes:</p>
<ul>
<li>[344608204] High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04</li>
<li>[343748812] High CVE-2024-6101: Inappropriate implementation in WebAssembly. Reported by @ginggilBesel on 2024-05-31</li>
<li>[339169163] High CVE-2024-6102: Out of bounds memory access in Dawn. Reported by wgslfuzz on 2024-05-07</li>
<li>[344639860] High CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz on 2024-06-04</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-6100</cvename>
<cvename>CVE-2024-6101</cvename>
<cvename>CVE-2024-6102</cvename>
<cvename>CVE-2024-6103</cvename>
<url>https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html</url>
</references>
<dates>
<discovery>2024-06-18</discovery>
<entry>2024-06-20</entry>
</dates>
</vuln>
<vuln vid="453aa0fc-2d91-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>126.0.6478.54</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>126.0.6478.54</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html">
<p>This update includes 21 security fixes:</p>
<ul>
<li>[342456991] High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24</li>
<li>[339171223] High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz on 2024-05-07</li>
<li>[340196361] High CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz on 2024-05-13</li>
<li>[342602616] High CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel on 2024-05-24</li>
<li>[342840932] High CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert on 2024-05-26</li>
<li>[341991535] High CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI on 2024-05-22</li>
<li>[341875171] High CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding on 2024-05-21</li>
<li>[342415789] High CVE-2024-5837: Type Confusion in V8. Reported by Anonymous on 2024-05-23</li>
<li>[342522151] High CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-05-24</li>
<li>[340122160] Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Micky on 2024-05-13</li>
<li>[41492103] Medium CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard on 2024-01-17</li>
<li>[326765855] Medium CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564) on 2024-02-26</li>
<li>[40062622] Medium CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy) on 2023-01-12</li>
<li>[333940412] Medium CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575 on 2024-04-12</li>
<li>[331960660] Medium CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri on 2024-04-01</li>
<li>[340178596] Medium CVE-2024-5845: Use after free in Audio. Reported by anonymous on 2024-05-13</li>
<li>[341095523] Medium CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive) on 2024-05-16</li>
<li>[341313077] Medium CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive) on 2024-05-18</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5830</cvename>
<cvename>CVE-2024-5831</cvename>
<cvename>CVE-2024-5832</cvename>
<cvename>CVE-2024-5833</cvename>
<cvename>CVE-2024-5834</cvename>
<cvename>CVE-2024-5835</cvename>
<cvename>CVE-2024-5836</cvename>
<cvename>CVE-2024-5837</cvename>
<cvename>CVE-2024-5838</cvename>
<cvename>CVE-2024-5839</cvename>
<cvename>CVE-2024-5840</cvename>
<cvename>CVE-2024-5841</cvename>
<cvename>CVE-2024-5842</cvename>
<cvename>CVE-2024-5843</cvename>
<cvename>CVE-2024-5844</cvename>
<cvename>CVE-2024-5845</cvename>
<cvename>CVE-2024-5846</cvename>
<cvename>CVE-2024-5847</cvename>
<url>https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-06-11</discovery>
<entry>2024-06-18</entry>
</dates>
</vuln>
<vuln vid="f0ba7008-2bbd-11ef-b4ca-814a3d504243">
<topic>forgejo -- multiple issues</topic>
<affects>
<package>
<name>forgejo</name>
<range><lt>7.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The forgejo team reports:</p>
<blockquote cite="https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#7-0-4">
<p><a href="https://pkg.go.dev/vuln/GO-2024-2888">CVE-2024-24789</a>:
The archive/zip package's handling of certain types of invalid
zip files differs from the behavior of most zip implementations.
This misalignment could be exploited to create an zip file with
contents that vary depending on the implementation reading the
file.</p>
<p>The OAuth2 implementation does not always require authentication
for public clients, a requirement of RFC 6749 Section 10.2. A
malicious client can impersonate another client and obtain access
to protected resources if the impersonated client fails to, or is
unable to, keep its client credentials confidential.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24789</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-24789</url>
</references>
<dates>
<discovery>2024-04-04</discovery>
<entry>2024-04-11</entry>
</dates>
</vuln>
<vuln vid="219aaa1e-2aff-11ef-ab37-5404a68ad561">
<topic>traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses</topic>
<affects>
<package>
<name>traefik</name>
<range><lt>2.11.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The traefik authors report:</p>
<blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx">
<p>There is a vulnerability in Go managing various Is methods
(IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses.
They didn't work as expected returning false for addresses
which would return true in their traditional IPv4 forms.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24790</cvename>
<url>https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx</url>
</references>
<dates>
<discovery>2024-06-05</discovery>
<entry>2024-06-15</entry>
</dates>
</vuln>
<vuln vid="a5c64f6f-2af3-11ef-a77e-901b0e9408dc">
<topic>go -- multiple vulnerabilities</topic>
<affects>
<package>
<name>go122</name>
<range><lt>1.22.4</lt></range>
</package>
<package>
<name>go121</name>
<range><lt>1.21.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://go.dev/issue/66869">
<p>archive/zip: mishandling of corrupt central directory record</p>
<p>The archive/zip package's handling of certain types of
invalid zip files differed from the behavior of most zip
implementations. This misalignment could be exploited to
create an zip file with contents that vary depending on the
implementation reading the file. The archive/zip package now
rejects files containing these errors.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/67680">
<p>net/netip: unexpected behavior from Is methods for
IPv4-mapped IPv6 addresses</p>
<p>The various Is methods (IsPrivate, IsLoopback, etc) did
not work as expected for IPv4-mapped IPv6 addresses,
returning false for addresses which would return true in
their traditional IPv4 forms.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24789</cvename>
<cvename>CVE-2024-24790</cvename>
<url>https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ</url>
</references>
<dates>
<discovery>2024-06-04</discovery>
<entry>2024-06-15</entry>
</dates>
</vuln>
<vuln vid="92cd1c03-2940-11ef-bc02-001b217b3468">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.0.0</ge><lt>17.0.2</lt></range>
<range><ge>16.11.0</ge><lt>16.11.4</lt></range>
<range><ge>5.1</ge><lt>16.10.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/">
<p>ReDoS in gomod dependency linker</p>
<p>ReDoS in CI interpolation (fix bypass)</p>
<p>ReDoS in Asana integration issue mapping when webhook is called</p>
<p>XSS and content injection when viewing raw XHTML files on iOS devices</p>
<p>Missing agentk request validation could cause KAS to panic</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1495</cvename>
<cvename>CVE-2024-1736</cvename>
<cvename>CVE-2024-1963</cvename>
<cvename>CVE-2024-4201</cvename>
<cvename>CVE-2024-5469</cvename>
<url>https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/</url>
</references>
<dates>
<discovery>2024-06-12</discovery>
<entry>2024-06-13</entry>
</dates>
</vuln>
<vuln vid="479df73e-2838-11ef-9cab-4ccc6adda413">
<topic>plasma[56]-plasma-workspace -- Unauthorized users can access session manager</topic>
<affects>
<package>
<name>plasma5-plasma-workspace</name>
<range><lt>5.27.11.1</lt></range>
</package>
<package>
<name>plasma6-plasma-workspace</name>
<range><lt>6.0.4_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>David Edmundson reports:</p>
<blockquote cite="https://kde.org/info/security/advisory-20240531-1.txt">
<p>KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE
based purely on the host, allowing all local connections. This allows
another user on the same machine to gain access to the session
manager.</p>
<p>A well crafted client could use the session restore feature to execute
arbitrary code as the user on the next boot.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-36041</cvename>
<url>https://kde.org/info/security/advisory-20240531-1.txt</url>
</references>
<dates>
<discovery>2024-05-31</discovery>
<entry>2024-06-11</entry>
</dates>
</vuln>
<vuln vid="5f608c68-276c-11ef-8caa-0897988a1c07">
<topic>Composer -- Multiple command injections via malicious git/hg branch names</topic>
<affects>
<package>
<name>php81-composer</name>
<range><lt>2.7.7</lt></range>
</package>
<package>
<name>php82-composer</name>
<range><lt>2.7.7</lt></range>
</package>
<package>
<name>php83-composer</name>
<range><lt>2.7.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Composer project reports:</p>
<blockquote cite="https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c">
<p>The status, reinstall and remove commands with packages
installed from source via git containing specially crafted
branch names in the repository can be used to execute
code.</p>
</blockquote>
<blockquote cite="https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf">
<p>The composer install command running inside a git/hg
repository which has specially crafted branch names can
lead to command injection. So this requires cloning
untrusted repositories.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-35241</cvename>
<url>https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c</url>
<cvename>CVE-2024-35242</cvename>
<url>https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf</url>
</references>
<dates>
<discovery>2024-06-10</discovery>
<entry>2024-06-10</entry>
</dates>
</vuln>
<vuln vid="91929399-249e-11ef-9296-b42e991fc52e">
<topic>kanboard -- Project Takeover via IDOR in ProjectPermissionController</topic>
<affects>
<package>
<name>kanboard</name>
<range><lt>1.2.37</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7">
<p>Kanboard is project management software that focuses on the Kanban
methodology. The vuln is in app/Controller/ProjectPermissionController.php
function addUser(). The users permission to add users to a project
only get checked on the URL parameter project_id. If the user is
authorized to add users to this project the request gets processed.
The users permission for the POST BODY parameter project_id does
not get checked again while processing. An attacker with the
'Project Manager' on a single project may take over any
other project. The vulnerability is fixed in 1.2.37.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-36399</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-36399</url>
</references>
<dates>
<discovery>2024-06-06</discovery>
<entry>2024-06-07</entry>
</dates>
</vuln>
<vuln vid="14908bda-232b-11ef-b621-00155d645102">
<topic>cyrus-imapd -- unbounded memory allocation</topic>
<affects>
<package>
<name>cyrus-imapd38</name>
<range><lt>3.8.2_1</lt></range>
</package>
<package>
<name>cyrus-imapd36</name>
<range><lt>3.6.4_1</lt></range>
</package>
<package>
<name>cyrus-imapd34</name>
<range><lt>3.4.7_1</lt></range>
</package>
<package>
<name>cyrus-imapd32</name>
<name>cyrus-imapd30</name>
<name>cyrus-imapd25</name>
<range><gt>0</gt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cyrus IMAP 3.8.3 Release Notes states:</p>
<blockquote cite="https://www.cyrusimap.org/3.8/imap/download/release-notes/3.8/x/3.8.3.html">
<p>Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.</p>
<p>The IMAP protocol allows for command arguments to be LITERALs of negotiated length, and for these the server allocates memory to receive the content before instructing the client to proceed. The allocated memory is released when the whole command has been received and processed.</p>
<p>The IMAP protocol has a number commands that specify an unlimited number of arguments, for example SEARCH. Each of these arguments can be a LITERAL, for which memory will be allocated and not released until the entire command has been received and processed. This can run a server out of memory, with varying consequences depending on the server's OOM policy.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-34055</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34055</url>
</references>
<dates>
<discovery>2024-04-30</discovery>
<entry>2024-06-05</entry>
</dates>
</vuln>
<vuln vid="b058380e-21a4-11ef-8a0f-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>125.0.6422.141</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>125.0.6422.141</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html">
<p>This update includes 11 security fixes:</p>
<ul>
<li>[339877165] High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-05-11</li>
<li>[338071106] High CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz on 2024-05-01</li>
<li>[338103465] High CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz on 2024-05-01</li>
<li>[338929744] High CVE-2024-5496: Use after free in Media Session. Reported by Cassidy Kim(@cassidy6564) on 2024-05-06</li>
<li>[339061099] High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2024-05-07</li>
<li>[339588211] High CVE-2024-5498: Use after free in Presentation API. Reported by anymous on 2024-05-09</li>
<li>[339877167] High CVE-2024-5499: Out of bounds write in Streams API. Reported by anonymous on 2024-05-11</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5493</cvename>
<cvename>CVE-2024-5494</cvename>
<cvename>CVE-2024-5495</cvename>
<cvename>CVE-2024-5496</cvename>
<cvename>CVE-2024-5497</cvename>
<cvename>CVE-2024-5498</cvename>
<cvename>CVE-2024-5499</cvename>
<url>https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html</url>
</references>
<dates>
<discovery>2024-05-30</discovery>
<entry>2024-06-03</entry>
</dates>
</vuln>
<vuln vid="320a19f7-1ddd-11ef-a2ae-8c164567ca3c">
<topic>nginx -- Multiple Vulnerabilities in HTTP/3</topic>
<affects>
<package>
<name>nginx-devel</name>
<range><ge>1.25.0</ge><lt>1.27.0</lt></range>
</package>
<package>
<name>nginx</name>
<range><ge>1.26.0</ge><lt>1.26.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx development team reports:</p>
<blockquote cite="http://nginx.org/en/security_advisories.html">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Stack overflow and use-after-free in HTTP/3</li>
<li>Buffer overwrite in HTTP/3</li>
<li>Memory disclosure in HTTP/3</li>
<li>NULL pointer dereference in HTTP/3</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-31079</cvename>
<cvename>CVE-2024-32760</cvename>
<cvename>CVE-2024-34161</cvename>
<cvename>CVE-2024-35200</cvename>
</references>
<dates>
<discovery>2024-05-29</discovery>
<entry>2024-05-29</entry>
</dates>
</vuln>
<vuln vid="6926d038-1db4-11ef-9f97-a8a1599412c6">
<topic>chromium -- security fix</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>125.0.6422.112</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>125.0.6422.112</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html">
<p>This update includes 1 security fix:</p>
<ul>
<li>[341663589] High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5274</cvename>
<url>https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html</url>
</references>
<dates>
<discovery>2024-05-23</discovery>
<entry>2024-05-29</entry>
</dates>
</vuln>
<vuln vid="73a697d7-1d0f-11ef-a490-84a93843eb75">
<topic>OpenSSL -- Use after free vulnerability</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>3.0.13_5,1</lt></range>
</package>
<package>
<name>openssl31</name>
<range><lt>3.1.5_5</lt></range>
</package>
<package>
<name>openssl32</name>
<range><lt>3.2.1_5</lt></range>
</package>
<package>
<name>openssl33</name>
<range><lt>3.3.0_2</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.13_5</lt></range>
</package>
<package>
<name>openssl31-quictls</name>
<range><lt>3.1.5_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20240528.txt">
<p>Use After Free with SSL_free_buffers (low).</p>
<p>Calling the OpenSSL API function SSL_free_buffers may cause
memory to be accessed that was previously freed in some situations</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4741</cvename>
<url>https://www.openssl.org/news/secadv/20240528.txt</url>
</references>
<dates>
<discovery>2024-05-28</discovery>
<entry>2024-05-28</entry>
</dates>
</vuln>
<vuln vid="04e78f32-04b2-4c23-bfae-72600842d317">
<topic>electron29 -- use after free in Dawn</topic>
<affects>
<package>
<name>electron29</name>
<range><lt>29.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v29.4.1">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-4948.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4948</cvename>
<url>https://github.com/advisories/GHSA-xvp9-87cv-m4fv</url>
</references>
<dates>
<discovery>2024-05-22</discovery>
<entry>2024-05-25</entry>
</dates>
</vuln>
<vuln vid="43d1c381-a3e5-4a1d-b3ed-f37b61a451af">
<topic>electron28 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron28</name>
<range><lt>28.3.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v28.3.2">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-4948.</li>
<li>Security: backported fix for CVE-2024-3914.</li>
<li>Security: backported fix for CVE-2024-4060.</li>
<li>Security: backported fix for CVE-2024-4058.</li>
<li>Security: backported fix for CVE-2024-4558.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4948</cvename>
<url>https://github.com/advisories/GHSA-xvp9-87cv-m4fv</url>
<cvename>CVE-2024-3914</cvename>
<url>https://github.com/advisories/GHSA-jv87-hfr8-8j2r</url>
<cvename>CVE-2024-4060</cvename>
<url>https://github.com/advisories/GHSA-4qw6-vwc8-mh38</url>
<cvename>CVE-2024-4058</cvename>
<url>https://github.com/advisories/GHSA-23rw-79p3-xgcm</url>
<cvename>CVE-2024-4558</cvename>
<url>https://github.com/advisories/GHSA-r4j8-j63p-24j8</url>
</references>
<dates>
<discovery>2024-05-22</discovery>
<entry>2024-05-25</entry>
</dates>
</vuln>
<vuln vid="f5fa174d-19de-11ef-83d8-4ccc6adda413">
<topic>QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth</topic>
<affects>
<package>
<name>qt5-networkauth</name>
<range><lt>5.15.13_1</lt></range>
</package>
<package>
<name>qt6-networkauth</name>
<range><lt>6.7.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Andy Shaw reports:</p>
<blockquote cite="https://www.qt.io/blog/security-advisory-qstringconverter-0">
<p>The OAuth1 implementation in QtNetworkAuth created nonces using
a PRNG that was seeded with a predictable seed.</p>
<p>This means that an attacker that can somehow control the time of
the first OAuth1 flow of the process has a high chance of predicting
the nonce used in said OAuth flow.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-36048</cvename>
<url>https://www.qt.io/blog/security-advisory-qstringconverter-0</url>
<url>https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317</url>
</references>
<dates>
<discovery>2024-05-08</discovery>
<entry>2024-05-24</entry>
</dates>
</vuln>
<vuln vid="f848ef90-1848-11ef-9850-001b217b3468">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>17.0.0</ge><lt>17.0.1</lt></range>
<range><ge>16.11.0</ge><lt>16.11.3</lt></range>
<range><ge>11.11</ge><lt>16.10.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/">
<p>1-click account takeover via XSS in the code editor in gitlab.com</p>
<p>A DOS vulnerability in the 'description' field of the runner</p>
<p>CSRF via K8s cluster-integration</p>
<p>Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipeline_id did not match</p>
<p>Redos on wiki render API/Page</p>
<p>Resource exhaustion and denial of service with test_report API calls</p>
<p>Guest user can view dependency lists of private projects through job artifacts</p>
<p>Stored XSS via PDFjs</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4835</cvename>
<cvename>CVE-2024-2874</cvename>
<cvename>CVE-2023-7045</cvename>
<cvename>CVE-2023-6502</cvename>
<cvename>CVE-2024-1947</cvename>
<cvename>CVE-2024-4367</cvename>
<url>https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/</url>
</references>
<dates>
<discovery>2024-05-22</discovery>
<entry>2024-05-22</entry>
</dates>
</vuln>
<vuln vid="8247af0d-183b-11ef-9f97-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>125.0.6422.76</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>125.0.6422.76</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html">
<p>This update includes 15 security fixes:</p>
<ul>
<li>[336012573] High CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang on 2024-04-21</li>
<li>[338908243] High CVE-2024-5158: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-05-06</li>
<li>[335613092] High CVE-2024-5159: Heap buffer overflow in ANGLE. Reported by David Sievers (@loknop) on 2024-04-18</li>
<li>[338161969] High CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz on 2024-05-01</li>
<li>[340221135] High CVE-2024-4947: Type Confusion in V8. Reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on 2024-05-13</li>
<li>[333414294] High CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09</li>
<li>[326607001] Medium CVE-2024-4949: Use after free in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-02-24</li>
<li>[40065403] Low CVE-2024-4950: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-06-06</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-5157</cvename>
<cvename>CVE-2024-5158</cvename>
<cvename>CVE-2024-5159</cvename>
<cvename>CVE-2024-5160</cvename>
<cvename>CVE-2024-4947</cvename>
<cvename>CVE-2024-4948</cvename>
<cvename>CVE-2024-4949</cvename>
<cvename>CVE-2024-4950</cvename>
<url>https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html</url>
</references>
<dates>
<discovery>2024-05-21</discovery>
<entry>2024-05-22</entry>
</dates>
</vuln>
<vuln vid="9bcff2c4-1779-11ef-b489-b42e991fc52e">
<topic>Openfire administration console authentication bypass</topic>
<affects>
<package>
<name>openfire</name>
<range><lt>4.6.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="http://packetstormsecurity.com/files/173607/Openfire-Authentication-Bypass-Remote-Code-Execution.html">
<p>Openfire's administrative console, a web-based
application, was found to be vulnerable to a path traversal attack
via the setup environment. This permitted an unauthenticated user
to use the unauthenticated Openfire Setup Environment in an already
configured Openfire environment to access restricted pages in the
Openfire Admin Console reserved for administrative users. This
vulnerability affects all versions of Openfire that have been
released since April 2015, starting with version 3.10.0. The problem
has been patched in Openfire release 4.7.5 and 4.6.8, and further
improvements will be included in the yet-to-be released first version
on the 4.8 branch (which is expected to be version 4.8.0). Users
are advised to upgrade. If an Openfire upgrade isnt available for
a specific release, or isnt quickly actionable, users may see the
linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-32315</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-32315</url>
</references>
<dates>
<discovery>2023-05-26</discovery>
<entry>2024-05-21</entry>
</dates>
</vuln>
<vuln vid="e020b0fd-1751-11ef-a490-84a93843eb75">
<topic>Roundcube -- Cross-site scripting vulnerabilities</topic>
<affects>
<package>
<name>roundcube</name>
<range><lt>1.6.7,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Roundcube project reports:</p>
<blockquote cite="https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7">
<p>cross-site scripting (XSS) vulnerability in handling SVG
animate attributes.</p>
<p>cross-site scripting (XSS) vulnerability in handling list
columns from user preferences.</p>
</blockquote>
</body>
</description>
<references>
<url>https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7</url>
</references>
<dates>
<discovery>2024-05-19</discovery>
<entry>2024-05-21</entry>
</dates>
</vuln>
<vuln vid="d58455cc-159e-11ef-83d8-4ccc6adda413">
<topic>qt5-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt5-webengine</name>
<range><lt>5.15.16.p9_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based">
<p>Backports for 2 security bugs in Chromium:</p>
<ul>
<li>CVE-2024-3157: Out of bounds write in Compositing</li>
<li>CVE-2024-3516: Heap buffer overflow in ANGLE</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3157</cvename>
<cvename>CVE-2024-3516</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based</url>
</references>
<dates>
<discovery>2024-04-16</discovery>
<entry>2024-05-19</entry>
</dates>
</vuln>
<vuln vid="f393b5a7-1535-11ef-8064-c5610a6efffb">
<topic>Arti -- Security issues related to circuit construction</topic>
<affects>
<package>
<name>arti</name>
<range><lt>1.2.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tor Project reports:</p>
<blockquote cite="https://blog.torproject.org/arti_1_2_3_released/">
<p>
When building anonymizing circuits to or from an onion
service with 'lite' vanguards (the default) enabled, the
circuit manager code would build the circuits with one
hop too few.
</p>
<p>
When 'full' vanguards are enabled, some circuits are
supposed to be built with an extra hop to minimize the
linkability of the guard nodes. In some circumstances,
the circuit manager would build circuits with one hop
too few, making it easier for an adversary to discover
the L2 and L3 guards of the affected clients and
services.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-35313</cvename>
<url>https://gitlab.torproject.org/tpo/core/arti/-/issues/1400</url>
<cvename>CVE-2024-35312</cvename>
<url>https://gitlab.torproject.org/tpo/core/arti/-/issues/1409</url>
</references>
<dates>
<discovery>2024-05-14</discovery>
<entry>2024-05-18</entry>
</dates>
</vuln>
<vuln vid="b88aa380-1442-11ef-a490-84a93843eb75">
<topic>OpenSSL -- Denial of Service vulnerability</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>3.0.13_4,1</lt></range>
</package>
<package>
<name>openssl31</name>
<range><lt>3.1.5_4</lt></range>
</package>
<package>
<name>openssl32</name>
<range><lt>3.2.1_4</lt></range>
</package>
<package>
<name>openssl33</name>
<range><lt>3.3.0_1</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.13_4</lt></range>
</package>
<package>
<name>openssl31-quictls</name>
<range><lt>3.1.5_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20240516.txt">
<p>Excessive time spent checking DSA keys and parameters (Low)</p>
<p>Checking excessively long DSA keys or parameters may be very
slow.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4603</cvename>
<url>https://www.openssl.org/news/secadv/20240516.txt</url>
</references>
<dates>
<discovery>2024-05-16</discovery>
<entry>2024-05-17</entry>
</dates>
</vuln>
<vuln vid="a431676c-f86c-4371-b48a-b7d2b0bec3a3">
<topic>electron29 -- setuid() does not affect libuv's internal io_uring</topic>
<affects>
<package>
<name>electron29</name>
<range><lt>29.4.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v29.4.0">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Backported fix for CVE-2024-22017.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-22017</cvename>
<url>https://github.com/advisories/GHSA-vr4q-vx84-9g5x</url>
</references>
<dates>
<discovery>2024-05-15</discovery>
<entry>2024-05-17</entry>
</dates>
</vuln>
<vuln vid="c6f03ea6-12de-11ef-83d8-4ccc6adda413">
<topic>qt6-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt6-webengine</name>
<range><lt>6.7.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qt qtwebengine-chromium repo reports:</p>
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based">
<p>Backports for 16 security bugs in Chromium:</p>
<ul>
<li>CVE-2024-2625: Object lifecycle issue in V8</li>
<li>CVE-2024-2626: Out of bounds read in Swiftshader</li>
<li>CVE-2024-2885: Use after free in Dawn</li>
<li>CVE-2024-2887: Type Confusion in WebAssembly</li>
<li>CVE-2024-3157: Out of bounds write in Compositing</li>
<li>CVE-2024-3159: Out of bounds memory access in V8</li>
<li>CVE-2024-3516: Heap buffer overflow in ANGLE</li>
<li>CVE-2024-3837: Use after free in QUIC</li>
<li>CVE-2024-3839: Out of bounds read in Fonts</li>
<li>CVE-2024-3914: Use after free in V8</li>
<li>CVE-2024-3840: Insufficient policy enforcement in Site Isolation</li>
<li>CVE-2024-4058: Type Confusion in ANGLE</li>
<li>CVE-2024-4060: Use after free in Dawn</li>
<li>CVE-2024-4331: Use after free in Picture In Picture</li>
<li>CVE-2024-4368: Use after free in Dawn</li>
<li>CVE-2024-4671: Use after free in Visuals</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-2625</cvename>
<cvename>CVE-2024-2626</cvename>
<cvename>CVE-2024-2885</cvename>
<cvename>CVE-2024-2887</cvename>
<cvename>CVE-2024-3157</cvename>
<cvename>CVE-2024-3159</cvename>
<cvename>CVE-2024-3516</cvename>
<cvename>CVE-2024-3837</cvename>
<cvename>CVE-2024-3839</cvename>
<cvename>CVE-2024-3914</cvename>
<cvename>CVE-2024-3840</cvename>
<cvename>CVE-2024-4058</cvename>
<cvename>CVE-2024-4060</cvename>
<cvename>CVE-2024-4331</cvename>
<cvename>CVE-2024-4368</cvename>
<cvename>CVE-2024-4671</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=118-based</url>
</references>
<dates>
<discovery>2024-04-03</discovery>
<entry>2024-05-15</entry>
</dates>
</vuln>
<vuln vid="e79cc4e2-12d7-11ef-83d8-4ccc6adda413">
<topic>qt6-base (core module) -- Invalid pointer in QStringConverter</topic>
<affects>
<package>
<name>qt6-base</name>
<range><ge>6.5.0</ge><le>6.5.5</le></range>
<range><ge>6.6.0</ge><lt>6.7.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Andy Shaw reports:</p>
<blockquote cite="https://www.qt.io/blog/security-advisory-qstringconverter">
<p>QStringConverter has an invalid pointer being passed as a callback
which can allow modification of the stack. Qt itself is not vulnerable
to remote attack however an application using QStringDecoder either
directly or indirectly can be vulnerable.</p>
<p>This requires:</p>
<ol>
<li>the attacker be able to tell the application a specific codec to use</li>
<li>the attacker be able to feed the application data in a specific way to cause the desired modification</li>
<li>the attacker what in the stack will get modified, which requires knowing the build of the application (and not all builds will be vulnerable)</li>
<li>the modification do anything in particular that is useful to the attacker, besides maybe crashing the application</li>
</ol>
<p>Qt does not automatically use any of those codecs, so this needs the application
to implement something using QStringDecoder to be vulnerable.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-33861</cvename>
<url>https://www.qt.io/blog/security-advisory-qstringconverter</url>
</references>
<dates>
<discovery>2024-05-02</discovery>
<entry>2024-05-15</entry>
</dates>
</vuln>
<vuln vid="f2d8342f-1134-11ef-8791-6805ca2fa271">
<topic>dnsdist -- Transfer requests received over DoH can lead to a denial of service</topic>
<affects>
<package>
<name>dnsdist</name>
<range><lt>1.9.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PowerDNS Security Advisory reports:</p>
<blockquote cite="https://dnsdist.org/security-advisories/index.html">
<p>When incoming DNS over HTTPS support is enabled using the nghttp2 provider,
and queries are routed to a tcp-only or DNS over TLS backend, an attacker can
trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR
or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a
Denial of Service. DNS over HTTPS is not enabled by default, and backends are using
plain DNS (Do53) by default.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-25581</cvename>
<url>https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html</url>
</references>
<dates>
<discovery>2024-05-13</discovery>
<entry>2024-05-13</entry>
</dates>
</vuln>
<vuln vid="5afd64ae-122a-11ef-8eed-1c697a616631">
<topic>Intel CPUs -- multiple vulnerabilities</topic>
<affects>
<package>
<name>cpu-microcode-intel</name>
<range><lt>20240514</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Intel reports:</p>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01036.html">
<p>
Potential security vulnerabilities in some Intel Trust Domain
Extensions (TDX) module software may allow escalation of
privilege. Improper input validation in some Intel TDX module
software before version 1.5.05.46.698 may allow a privileged user to
potentially enable escalation of privilege via local access. Intel
is releasing firmware updates to mitigate these potential
vulnerabilities.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html">
<p>
A potential security vulnerability in some Intel Processors may
allow information disclosure. Hardware logic contains race
conditions in some Intel Processors that may allow an authenticated
user to potentially enable partial information disclosure via local
access. Intel is releasing microcode updates to mitigate this
potential vulnerability.
</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html">
<p>
A potential security vulnerability in Intel Core Ultra Processors
may allow denial of service. Sequence of processor instructions
leads to unexpected behavior in Intel Core Ultra Processors may
allow an authenticated user to potentially enable denial of service
via local access. Intel is releasing microcode updates to mitigate
this potential vulnerability.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-45745</cvename>
<cvename>CVE-2023-45733</cvename>
<cvename>CVE-2023-46103</cvename>
<url>https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240514</url>
</references>
<dates>
<discovery>2024-05-14</discovery>
<entry>2024-05-14</entry>
</dates>
</vuln>
<vuln vid="8e0e8b56-11c6-11ef-9f97-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>124.0.6367.207</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>124.0.6367.207</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html">
<p>This update includes 1 security fix:</p>
<ul>
<li>[339458194] High CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4761</cvename>
<url>https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html</url>
</references>
<dates>
<discovery>2024-05-13</discovery>
<entry>2024-05-14</entry>
</dates>
</vuln>
<vuln vid="d3847eba-114b-11ef-9c21-901b0e9408dc">
<topic>go -- net: malformed DNS message can cause infinite loop</topic>
<affects>
<package>
<name>go122</name>
<range><lt>1.22.3</lt></range>
</package>
<package>
<name>go121</name>
<range><lt>1.21.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://go.dev/issue/66754">
<p>net: malformed DNS message can cause infinite loop</p>
<p>A malformed DNS message in response to a query can cause
the Lookup functions to get stuck in an infinite loop.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24788</cvename>
<url>https://go.dev/issue/66754</url>
</references>
<dates>
<discovery>2024-04-25</discovery>
<entry>2024-05-13</entry>
</dates>
</vuln>
<vuln vid="3cf8ea44-1029-11ef-9f97-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>124.0.6367.201</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>124.0.6367.201</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html">
<p>This update includes 1 security fix:</p>
<ul>
<li>[339266700] High CVE-2024-4671: Use after free in Visuals. Reported by Anonymous on 2024-05-07</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4671</cvename>
<url>https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html</url>
</references>
<dates>
<discovery>2024-05-09</discovery>
<entry>2024-05-12</entry>
</dates>
</vuln>
<vuln vid="d53c30c1-0d7b-11ef-ba02-6cc21735f730">
<topic>PostgreSQL server -- Potentially allowing authenicated database users to see data that they shouldn't.</topic>
<affects>
<package>
<name>postgresql-server</name>
<range><lt>16.3</lt></range>
<range><lt>15.7</lt></range>
<range><lt>14.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PostgreSQL project reports:</p>
<blockquote cite="https://www.postgresql.org/support/security/CVE-2024-4317/">
<p>
A security vulnerability was found in the system views pg_stats_ext
and pg_stats_ext_exprs, potentially allowing authenticated database
users to see data they shouldn't. If this is of concern in your
installation, run the SQL script /usr/local/share/postgresql/fix-CVE-2024-4317.sql
for each of your databases. See the link for details.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4317</cvename>
<url>https://www.postgresql.org/support/security/CVE-2024-4317/</url>
</references>
<dates>
<discovery>2024-05-09</discovery>
<entry>2024-05-09</entry>
</dates>
</vuln>
<vuln vid="ee6936da-0ddd-11ef-9c21-901b0e9408dc">
<topic>tailscale -- Insufficient inbound packet filtering in subnet routers and exit nodes</topic>
<affects>
<package>
<name>tailscale</name>
<range><lt>1.66.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tailscale team reports:</p>
<blockquote cite="https://tailscale.com/security-bulletins#ts-2024-005">
<p>In Tailscale versions earlier than 1.66.0, exit nodes,
subnet routers, and app connectors, could allow inbound
connections to other tailnet nodes from their local area
network (LAN). This vulnerability only affects Linux exit
nodes, subnet routers, and app connectors in tailnets where
ACLs allow "src": "*", such as with default ACLs.</p>
</blockquote>
</body>
</description>
<references>
<url>https://tailscale.com/security-bulletins#ts-2024-005</url>
</references>
<dates>
<discovery>2024-05-08</discovery>
<entry>2024-05-09</entry>
</dates>
</vuln>
<vuln vid="ec994672-5284-49a5-a7fc-93c02126e5fb">
<topic>electron29 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron29</name>
<range><lt>29.3.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v29.3.3">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-3914.</li>
<li>Security: backported fix for CVE-2024-4558.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3914</cvename>
<url>https://github.com/advisories/GHSA-jv87-hfr8-8j2r</url>
<cvename>CVE-2024-4558</cvename>
<url>https://github.com/advisories/GHSA-r4j8-j63p-24j8</url>
</references>
<dates>
<discovery>2024-05-09</discovery>
<entry>2024-05-09</entry>
</dates>
</vuln>
<vuln vid="fbc2c629-0dc5-11ef-9850-001b217b3468">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>16.11.0</ge><lt>16.11.2</lt></range>
<range><ge>16.10.0</ge><lt>16.10.5</lt></range>
<range><ge>10.6.0</ge><lt>16.9.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/">
<p>ReDoS in branch search when using wildcards</p>
<p>ReDoS in markdown render pipeline</p>
<p>Redos on Discord integrations</p>
<p>Redos on Google Chat Integration</p>
<p>Denial of Service Attack via Pin Menu</p>
<p>DoS by filtering tags and branches via the API</p>
<p>MR approval via CSRF in SAML SSO</p>
<p>Banned user from groups can read issues updates via the api</p>
<p>Require confirmation before linking JWT identity</p>
<p>View confidential issues title and description of any public project via export</p>
<p>SSRF via Github importer</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-2878</cvename>
<cvename>CVE-2024-2651</cvename>
<cvename>CVE-2023-6682</cvename>
<cvename>CVE-2023-6688</cvename>
<cvename>CVE-2024-2454</cvename>
<cvename>CVE-2024-4539</cvename>
<cvename>CVE-2024-4597</cvename>
<cvename>CVE-2024-1539</cvename>
<cvename>CVE-2024-1211</cvename>
<cvename>CVE-2024-3976</cvename>
<cvename>CVE-2023-6195</cvename>
<url>https://about.gitlab.com/releases/2024/05/08/patch-release-gitlab-16-11-2-released/</url>
</references>
<dates>
<discovery>2024-05-08</discovery>
<entry>2024-05-09</entry>
</dates>
</vuln>
<vuln vid="059a99a9-45e0-492b-b9f9-5a79573c8eb6">
<topic>electron29 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron29</name>
<range><lt>29.3.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v29.3.2">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-4060.</li>
<li>Security: backported fix for CVE-2024-4058.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4060</cvename>
<url>https://github.com/advisories/GHSA-4qw6-vwc8-mh38</url>
<cvename>CVE-2024-4058</cvename>
<url>https://github.com/advisories/GHSA-23rw-79p3-xgcm</url>
</references>
<dates>
<discovery>2024-05-03</discovery>
<entry>2024-05-08</entry>
</dates>
</vuln>
<vuln vid="f69415aa-086e-11ef-9f97-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>124.0.6367.118</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>124.0.6367.118</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html">
<p>This update includes 2 security fixes:</p>
<ul>
<li>[335003891] High CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-04-16</li>
<li>[333508731] High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4058</cvename>
<cvename>CVE-2024-4059</cvename>
<cvename>CVE-2024-4060</cvename>
<url>https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html</url>
</references>
<dates>
<discovery>2024-04-30</discovery>
<entry>2024-05-02</entry>
</dates>
</vuln>
<vuln vid="4a1e2bad-0836-11ef-9fd2-1c697a616631">
<topic>R -- arbitrary code execution vulnerability</topic>
<affects>
<package>
<name>R</name>
<range><lt>4.4.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>HiddenLayer Research reports:</p>
<blockquote cite="https://hiddenlayer.com/research/r-bitrary-code-execution/">
<p>Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-27322</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-27322</url>
</references>
<dates>
<discovery>2024-04-29</discovery>
<entry>2024-05-02</entry>
</dates>
</vuln>
<vuln vid="da4adc02-07f4-11ef-960d-5404a68ad561">
<topic>hcode -- buffer overflow in mail.c</topic>
<affects>
<package>
<name>ko-hcode</name>
<range><lt>2.1.3_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The openSUSE project reports:</p>
<blockquote cite="https://bugzilla.suse.com/show_bug.cgi?id=1223534">
<p>The problematic function in question is putSDN() in mail.c. The static variable `cp` is used as an index for a fixed-sized buffer `ibuf`. There is a range check: `if ( cp >= HDR_BUF_LEN ) ...` but under certain circumstances, cp can be incremented beyond the buffer size, leading to a buffer overwrite</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-34020</cvename>
<url>https://bugzilla.suse.com/show_bug.cgi?id=1223534</url>
</references>
<dates>
<discovery>2024-04-29</discovery>
<entry>2024-05-01</entry>
</dates>
</vuln>
<vuln vid="5da8b1e6-0591-11ef-9e00-080027957747">
<topic>GLPI -- multiple vulnerabilities</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.15,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GLPI team reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.15">
<p>GLPI 10.0.15 Changelog</p>
<ul>
<li>[SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456)</li>
<li>[SECURITY - high] Account takeover via SQL Injection in saved searches feature (CVE-2024-29889)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-31456</cvename>
<cvename>CVE-2024-29889</cvename>
<url>https://github.com/glpi-project/glpi/releases/tag/10.0.15</url>
</references>
<dates>
<discovery>2024-04-03</discovery>
<entry>2024-04-28</entry>
</dates>
</vuln>
<vuln vid="b3affee8-04d1-11ef-8928-901b0ef714d4">
<topic>py-social-auth-app-django -- Improper Handling of Case Sensitivity</topic>
<affects>
<package>
<name>py38-social-auth-app-django</name>
<name>py39-social-auth-app-django</name>
<name>py310-social-auth-app-django</name>
<name>py311-social-auth-app-django</name>
<range><lt>5.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GitHub Advisory Database:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2024-32879">
<p>Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-32879</cvename>
<url>https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3</url>
</references>
<dates>
<discovery>2024-04-24</discovery>
<entry>2024-04-28</entry>
</dates>
</vuln>
<vuln vid="7a42852d-0347-11ef-9f97-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>124.0.6367.78</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>124.0.6367.78</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[332546345] Critical CVE-2024-4058: Type Confusion in ANGLE. Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure on 2024-04-02</li>
<li>[333182464] High CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik on 2024-04-08</li>
<li>[333420620] High CVE-2024-4060: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4058</cvename>
<cvename>CVE-2024-4059</cvename>
<cvename>CVE-2024-4060</cvename>
<url>https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html</url>
</references>
<dates>
<discovery>2024-04-24</discovery>
<entry>2024-04-25</entry>
</dates>
</vuln>
<vuln vid="10e86b16-6836-11ee-b06f-0050569ceb3a">
<topic>Unallowed PHP script execution in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>From the GLPI 10.0.10 Changelog:</p>
<blockquote
cite="https://github.com/glpi-project/glpi/releases/tag/10.0.10">
<p>You will find below security issues fixed in this bugfixes version:
[SECURITY - Critical] Unallowed PHP script execution (CVE-2023-42802).</p>
</blockquote>
<p>The mentioned CVE is invalid</p>
</body>
</description>
<references>
<cvename>CVE-2023-42802</cvename>
<url>https://github.com/glpi-project/glpi/releases/tag/10.0.10</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="894f2491-6834-11ee-b06f-0050569ceb3a">
<topic>glpi-project -- SQL injection in ITIL actors in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>10.0.8,1</ge><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w">
<p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free
Asset and IT Management Software package, that provides ITIL Service
Desk features, licenses tracking and software auditing. The ITIL
actors input field from the Ticket form can be used to perform a
SQL injection. Users are advised to upgrade to version 10.0.10.
There are no known workarounds for this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-42461</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-42461</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="54e5573a-6834-11ee-b06f-0050569ceb3a">
<topic>Phishing through a login page malicious URL in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>10.0.8,1</ge><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp">
<p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free
Asset and IT Management Software package, that provides ITIL Service
Desk features, licenses tracking and software auditing. The lack
of path filtering on the GLPI URL may allow an attacker to transmit
a malicious URL of login page that can be used to attempt a phishing
attack on user credentials. Users are advised to upgrade to version
10.0.10. There are no known workarounds for this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-41888</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-41888</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="20302cbc-6834-11ee-b06f-0050569ceb3a">
<topic>Users login enumeration by unauthenticated user in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9">
<p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free
Asset and IT Management Software package, that provides ITIL Service
Desk features, licenses tracking and software auditing. An
unauthenticated user can enumerate users logins. Users are advised
to upgrade to version 10.0.10. There are no known workarounds for
this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-41323</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-41323</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="ae8b1445-6833-11ee-b06f-0050569ceb3a">
<topic>Privilege Escalation from technician to super-admin in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>9.1.0,1</ge><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr">
<p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free
Asset and IT Management Software package, that provides ITIL Service
Desk features, licenses tracking and software auditing. A user
with write access to another user can make requests to change the
latter's password and then take control of their account.
Users are advised to upgrade to version 10.0.10. There are no known
work around for this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-41322</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-41322</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="6851f3bb-6833-11ee-b06f-0050569ceb3a">
<topic>Sensitive fields enumeration through API in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>9.1.1,1</ge><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836">
<p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free
Asset and IT Management Software package, that provides ITIL Service
Desk features, licenses tracking and software auditing. An API
user can enumerate sensitive fields values on resources on which
he has read access. Users are advised to upgrade to version 10.0.10.
There are no known workarounds for this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-41321</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-41321</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="df71f5aa-6831-11ee-b06f-0050569ceb3a">
<topic>File deletion through document upload process in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>10.0.0,1</ge><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75">
<p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free
Asset and IT Management Software package, that provides ITIL Service
Desk features, licenses tracking and software auditing. The document
upload process can be diverted to delete some files. Users are
advised to upgrade to version 10.0.10. There are no known workarounds
for this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-42462</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-42462</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="95c4ec45-6831-11ee-b06f-0050569ceb3a">
<topic>Account takeover through API in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>9.3.0,1</ge><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3">
<p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free
Asset and IT Management Software package, that provides ITIL Service
Desk features, licenses tracking and software auditing. An API
user that have read access on users resource can steal accounts of
other users. Users are advised to upgrade to version 10.0.10.
There are no known workarounds for this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-41324</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-41324</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="040e69f1-6831-11ee-b06f-0050569ceb3a">
<topic>Account takeover via Kanban feature in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>9.5.0,1</ge><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9">
<p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free
Asset and IT Management Software package, that provides ITIL Service
Desk features, licenses tracking and software auditing. A logged
user from any profile can hijack the Kanban feature to alter any
user field, and end-up with stealing its account. Users are advised
to upgrade to version 10.0.10. There are no known workarounds for
this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-41326</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-41326</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="6f6518ab-6830-11ee-b06f-0050569ceb3a">
<topic>Account takeover via SQL Injection in UI layout preferences in GLPI</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>10.0.0,1</ge><lt>10.0.10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476">
<p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free
Asset and IT Management Software package, that provides ITIL Service
Desk features, licenses tracking and software auditing. UI layout
preferences management can be hijacked to lead to SQL injection.
This injection can be use to takeover an administrator account.
Users are advised to upgrade to version 10.0.10. There are no known
workarounds for this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-41320</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-41320</url>
</references>
<dates>
<discovery>2023-09-27</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="257e1bf0-682f-11ee-b06f-0050569ceb3a">
<topic>GLPI vulnerable to SQL injection via dashboard administration</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>9.5.0,1</ge><lt>10.0.9,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.9">
<p>GLPI is a Free Asset and IT Management Software package, Data center
management, ITIL Service Desk, licenses tracking and software
auditing. An administrator can trigger SQL injection via dashboards
administration. This vulnerability has been patched in version
10.0.9.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-37278</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-37278</url>
</references>
<dates>
<discovery>2023-07-13</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="40173815-6827-11ee-b06f-0050569ceb3a">
<topic>GLPI vulnerable to unauthorized access to User data</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8">
<p>GLPI is a free asset and IT management software package. Versions
of the software starting with 0.68 and prior to 10.0.8 have an
incorrect rights check on a on a file accessible by an authenticated
user. This allows access to the list of all users and their personal
information. Users should upgrade to version 10.0.8 to receive a
patch.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-34106</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-34106</url>
</references>
<dates>
<discovery>2023-07-05</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="1fe40200-6823-11ee-b06f-0050569ceb3a">
<topic>GLPI vulnerable to unauthorized access to KnowbaseItem data</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>9.2.0,1</ge><lt>10.0.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8">
<p>GLPI is a free asset and IT management software package. Versions
of the software starting with 9.2.0 and prior to 10.0.8 have an
incorrect rights check on a on a file accessible by an authenticated
user, allows access to the view all KnowbaseItems. Version 10.0.8
has a patch for this issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-34107</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-34107</url>
</references>
<dates>
<discovery>2023-07-05</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="b14a6ddc-6821-11ee-b06f-0050569ceb3a">
<topic>GLPI vulnerable to reflected XSS in search pages</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>9.4.0,1</ge><lt>10.0.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8">
<p>GLPI is a free asset and IT management software package. Starting
in version 9.4.0 and prior to version 10.0.8, a malicious link can
be crafted by an unauthenticated user that can exploit a reflected
XSS in case any authenticated user opens the crafted link. Users
should upgrade to version 10.0.8 to receive a patch.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-34244</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-34244</url>
</references>
<dates>
<discovery>2023-07-05</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="95fde6bc-6821-11ee-b06f-0050569ceb3a">
<topic>GLPI vulnerable to unauthenticated access to Dashboard data</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>9.5.0,1</ge><lt>10.0.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8">
<p>GLPI is a free asset and IT management software package. Starting
in version 9.5.0 and prior to version 10.0.8, an incorrect rights
check on a file allows an unauthenticated user to be able to access
dashboards data. Version 10.0.8 contains a patch for this issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-35940</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-35940</url>
</references>
<dates>
<discovery>2023-07-05</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="717efd8a-6821-11ee-b06f-0050569ceb3a">
<topic>GLPI vulnerable to unauthorized access to Dashboard data</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>9.5.0,1</ge><lt>10.0.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8">
<p>GLPI is a free asset and IT management software package. Starting
in version 9.5.0 and prior to version 10.0.8, an incorrect rights
check on a on a file accessible by an authenticated user (or not
for certain actions), allows a threat actor to interact, modify,
or see Dashboard data. Version 10.0.8 contains a patch for this
issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-35939</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-35939</url>
</references>
<dates>
<discovery>2023-07-05</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="548a4163-6821-11ee-b06f-0050569ceb3a">
<topic>GLPI vulnerable to SQL injection through Computer Virtual Machine information</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8">
<p>GLPI is a free asset and IT management software package. Starting
in version 0.80 and prior to version 10.0.8, Computer Virtual Machine
form and GLPI inventory request can be used to perform a SQL injection
attack. Version 10.0.8 has a patch for this issue. As a workaround,
one may disable native inventory.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-36808</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-36808</url>
</references>
<dates>
<discovery>2023-07-05</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="e44e5ace-6820-11ee-b06f-0050569ceb3a">
<topic>GLPI vulnerable to SQL injection via inventory agent request</topic>
<affects>
<package>
<name>glpi</name>
<range><ge>10.0.0,1</ge><lt>10.0.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security-advisories@github.com reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8">
<p>GLPI is a free asset and IT management software package. Starting
in version 10.0.0 and prior to version 10.0.8, GLPI inventory
endpoint can be used to drive a SQL injection attack. By default,
GLPI inventory endpoint requires no authentication. Version 10.0.8
has a patch for this issue. As a workaround, one may disable native
inventory.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-35924</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-35924</url>
</references>
<dates>
<discovery>2023-07-05</discovery>
<entry>2023-10-11</entry>
</dates>
</vuln>
<vuln vid="bdfa6c04-027a-11ef-9c21-901b0e9408dc">
<topic>py-matrix-synapse -- weakness in auth chain indexing allows DoS</topic>
<affects>
<package>
<name>py38-matrix-synapse</name>
<name>py39-matrix-synapse</name>
<name>py310-matrix-synapse</name>
<name>py311-matrix-synapse</name>
<range><lt>1.105.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matrix developers report:</p>
<blockquote cite="https://element.io/blog/security-release-synapse-1-105-1/">
<p>Weakness in auth chain indexing allows DoS from remote
room members through disk fill and high CPU usage. (High severity)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-31208</cvename>
<url>https://element.io/blog/security-release-synapse-1-105-1/</url>
<url>https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v</url>
</references>
<dates>
<discovery>2024-04-23</discovery>
<entry>2024-04-24</entry>
</dates>
</vuln>
<vuln vid="b857606c-0266-11ef-8681-001b217b3468">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<name>gitlab-ee</name>
<range><ge>16.11.0</ge><lt>16.11.1</lt></range>
<range><ge>16.10.0</ge><lt>16.10.4</lt></range>
<range><ge>7.8.0</ge><lt>16.9.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/">
<p>GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider</p>
<p>Path Traversal leads to DoS and Restricted File Read</p>
<p>Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search</p>
<p>Personal Access Token scopes not honoured by GraphQL subscriptions</p>
<p>Domain based restrictions bypass using a crafted email address</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-4024</cvename>
<cvename>CVE-2024-2434</cvename>
<cvename>CVE-2024-2829</cvename>
<cvename>CVE-2024-4006</cvename>
<cvename>CVE-2024-1347</cvename>
<url>https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/</url>
</references>
<dates>
<discovery>2024-04-24</discovery>
<entry>2024-04-24</entry>
</dates>
</vuln>
<vuln vid="1af16f2b-023c-11ef-8791-6805ca2fa271">
<topic>powerdns-recursor -- denial of service</topic>
<affects>
<package>
<name>powerdns-recursor</name>
<range><lt>5.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PowerDNS Team reports:</p>
<blockquote cite="https://blog.powerdns.com/2024/04/24/powerdns-recursor-4-8-8-4-9-5-5-0-4-released">
<p>PowerDNS Security Advisory 2024-02: if recursive forwarding is configured,
crafted responses can lead to a denial of service in Recursor</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-25583</cvename>
<url>https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html</url>
</references>
<dates>
<discovery>2024-04-24</discovery>
<entry>2024-04-24</entry>
</dates>
</vuln>
<vuln vid="bb49f1fa-00da-11ef-92b7-589cfc023192">
<topic>GLPI -- multiple vulnerabilities</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.13,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GLPI team reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.13">
<p>GLPI 10.0.13 Changelog</p>
<ul>
<li>[SECURITY - high] SQL Injection in through the search engine (CVE-2024-27096)</li>
<li>[SECURITY - moderate] Blind SSRF using Arbitrary Object Instantiation (CVE-2024-27098)</li>
<li>[SECURITY - moderate] Stored XSS in dashboards (CVE-2024-27104)</li>
<li>[SECURITY - moderate] Reflected XSS in debug mode (CVE-2024-27914)</li>
<li>[SECURITY - moderate] Sensitive fields access through dropdowns (CVE-2024-27930)</li>
<li>[SECURITY - moderate] Users emails enumeration (CVE-2024-27937)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-27096</cvename>
<cvename>CVE-2024-27098</cvename>
<cvename>CVE-2024-27104</cvename>
<cvename>CVE-2024-27914</cvename>
<cvename>CVE-2024-27930</cvename>
<cvename>CVE-2024-27937</cvename>
<url>https://github.com/glpi-project/glpi/releases/tag/10.0.13</url>
</references>
<dates>
<discovery>2024-03-13</discovery>
<entry>2024-04-22</entry>
</dates>
</vuln>
<vuln vid="faccf131-00d9-11ef-92b7-589cfc023192">
<topic>GLPI -- multiple vulnerabilities</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.12,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GLPI team reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.12">
<p>GLPI 10.0.12 Changelog</p>
<ul>
<li>[SECURITY - moderate] Reflected XSS in reports pages (CVE-2024-23645)</li>
<li>[SECURITY - moderate] LDAP Injection during authentication (CVE-2023-51446)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-23645</cvename>
<cvename>CVE-2023-51446</cvename>
<url>https://github.com/glpi-project/glpi/releases/tag/10.0.12</url>
</references>
<dates>
<discovery>2024-02-01</discovery>
<entry>2024-04-22</entry>
</dates>
</vuln>
<vuln vid="ed688880-00c4-11ef-92b7-589cfc023192">
<topic>GLPI -- multiple vulnerabilities</topic>
<affects>
<package>
<name>glpi</name>
<range><lt>10.0.11,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GLPI team reports:</p>
<blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.11">
<p>GLPI 10.0.11 Changelog</p>
<ul>
<li>[SECURITY - moderate] Authenticated SQL Injection (CVE-2023-43813)</li>
<li>[SECURITY - high] SQL injection through inventory agent request (CVE-2023-46727)</li>
<li>[SECURITY - high] Remote code execution from LDAP server configuration form on PHP 7.4 (CVE-2023-46726)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-43813</cvename>
<cvename>CVE-2023-46727</cvename>
<cvename>CVE-2023-46726</cvename>
<url>https://github.com/glpi-project/glpi/releases/tag/10.0.11</url>
</references>
<dates>
<discovery>2023-12-13</discovery>
<entry>2024-04-22</entry>
</dates>
</vuln>
<vuln vid="2ce1a2f1-0177-11ef-a45e-08002784c58d">
<topic>ruby -- Arbitrary memory address read vulnerability with Regex search</topic>
<affects>
<package>
<name>ruby</name>
<range><ge>3.1.0,1</ge><lt>3.1.5,1</lt></range>
<range><ge>3.2.0,1</ge><lt>3.2.4,1</lt></range>
<range><ge>3.3.0,1</ge><lt>3.3.1,1</lt></range>
</package>
<package>
<name>ruby31</name>
<range><ge>3.1.0,1</ge><lt>3.1.5,1</lt></range>
</package>
<package>
<name>ruby32</name>
<range><ge>3.2.0,1</ge><lt>3.2.4,1</lt></range>
</package>
<package>
<name>ruby33</name>
<range><ge>3.3.0,1</ge><lt>3.3.1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>sp2ip reports:</p>
<blockquote cite="https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/">
<p>
If attacker-supplied data is provided to the Ruby regex
compiler, it is possible to extract arbitrary heap data
relative to the start of the text, including pointers and
sensitive strings.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-27282</cvename>
<url>https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/</url>
</references>
<dates>
<discovery>2024-04-23</discovery>
<entry>2024-04-23</entry>
</dates>
</vuln>
<vuln vid="304d92c3-00c5-11ef-bd52-080027bff743">
<topic>sdl2_sound -- multiple vulnerabilities</topic>
<affects>
<package>
<name>sdl2_sound</name>
<range><lt>2.0.2_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GitHub Security Lab reports:</p>
<blockquote cite="https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/">
<p>stb_image.h and stb_vorbis libraries contain several memory access violations of different severity</p>
<ol>
<li>Wild address read in stbi__gif_load_next (GHSL-2023-145).</li>
<li>Multi-byte read heap buffer overflow in stbi__vertical_flip (GHSL-2023-146).</li>
<li>Disclosure of uninitialized memory in stbi__tga_load (GHSL-2023-147).</li>
<li>Double-free in stbi__load_gif_main_outofmem (GHSL-2023-148).</li>
<li>Null pointer dereference in stbi__convert_format (GHSL-2023-149).</li>
<li>Possible double-free or memory leak in stbi__load_gif_main (GHSL-2023-150).</li>
<li>Null pointer dereference because of an uninitialized variable (GHSL-2023-151).</li>
<li>0 byte write heap buffer overflow in start_decoder (GHSL-2023-165)</li>
<li>Multi-byte write heap buffer overflow in start_decoder (GHSL-2023-166)</li>
<li>Heap buffer out of bounds write in start_decoder (GHSL-2023-167)</li>
<li>Off-by-one heap buffer write in start_decoder (GHSL-2023-168)</li>
<li>Attempt to free an uninitialized memory pointer in vorbis_deinit (GHSL-2023-169)</li>
<li>Null pointer dereference in vorbis_deinit (GHSL-2023-170)</li>
<li>Out of bounds heap buffer write (GHSL-2023-171)</li>
<li>Wild address read in vorbis_decode_packet_rest (GHSL-2023-172)</li>
</ol>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-45676</cvename>
<cvename>CVE-2023-45677</cvename>
<cvename>CVE-2023-45680</cvename>
<cvename>CVE-2023-45681</cvename>
<cvename>CVE-2023-45682</cvename>
<url>https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/</url>
</references>
<dates>
<discovery>2023-10-20</discovery>
<entry>2024-04-22</entry>
</dates>
</vuln>
<vuln vid="9bed230f-ffc8-11ee-8e76-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>124.0.6367.60</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>124.0.6367.60</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html">
<p>This update includes 23 security fixes:</p>
<ul>
<li>[331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27</li>
<li>[331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27</li>
<li>[330759272] High CVE-2024-3914: Use after free in V8. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21</li>
<li>[326607008] High CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang on 2024-02-24</li>
<li>[41491379] Medium CVE-2024-3837: Use after free in QUIC. Reported by {rotiple, dch3ck} of CW Research Inc. on 2024-01-15</li>
<li>[328278717] Medium CVE-2024-3838: Inappropriate implementation in Autofill. Reported by Ardyan Vicky Ramadhan on 2024-03-06</li>
<li>[41491859] Medium CVE-2024-3839: Out of bounds read in Fonts. Reported by Ronald Crane (Zippenhop LLC) on 2024-01-16</li>
<li>[41493458] Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation. Reported by Ahmed ElMasry on 2024-01-22</li>
<li>[330376742] Medium CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg on 2024-03-19</li>
<li>[41486690] Medium CVE-2024-3843: Insufficient data validation in Downloads. Reported by Azur on 2023-12-24</li>
<li>[40058873] Low CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2022-02-23</li>
<li>[323583084] Low CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig on 2024-02-03</li>
<li>[40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry on 2023-05-23</li>
<li>[328690293] Low CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu on 2024-03-08</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3832</cvename>
<cvename>CVE-2024-3833</cvename>
<cvename>CVE-2024-3914</cvename>
<cvename>CVE-2024-3834</cvename>
<cvename>CVE-2024-3837</cvename>
<cvename>CVE-2024-3838</cvename>
<cvename>CVE-2024-3839</cvename>
<cvename>CVE-2024-3840</cvename>
<cvename>CVE-2024-3841</cvename>
<cvename>CVE-2024-3843</cvename>
<cvename>CVE-2024-3844</cvename>
<cvename>CVE-2024-3845</cvename>
<cvename>CVE-2024-3846</cvename>
<cvename>CVE-2024-3847</cvename>
<url>https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html</url>
</references>
<dates>
<discovery>2024-04-16</discovery>
<entry>2024-04-21</entry>
</dates>
</vuln>
<vuln vid="ecafc4af-fe8a-11ee-890c-08002784c58d">
<topic>clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition</topic>
<affects>
<package>
<name>clamav</name>
<range><ge>1.3.0,1</ge><lt>1.3.1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Błażej Pawłowski reports:</p>
<blockquote cite="https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html">
<p>
A vulnerability in the HTML parser of ClamAV could allow
an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device. The
vulnerability is due to an issue in the C to Rust foreign
function interface. An attacker could exploit this
vulnerability by submitting a crafted file containing HTML
content to be scanned by ClamAV on an affected device. An
exploit could allow the attacker to cause the ClamAV
scanning process to terminate, resulting in a DoS
condition on the affected software.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-20380</cvename>
<url>https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html</url>
</references>
<dates>
<discovery>2024-04-17</discovery>
<entry>2024-04-19</entry>
</dates>
</vuln>
<vuln vid="4ebdd56b-fe72-11ee-bc57-00e081b7aa2d">
<topic>jenkins -- Terrapin SSH vulnerability in Jenkins CLI client</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.452</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.440.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2024-04-17/">
<h1>Description</h1>
<h5>(Medium) SECURITY-3386 / CVE-2023-48795</h5>
<p>Terrapin SSH vulnerability in Jenkins CLI client</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-48795</cvename>
<url>https://www.jenkins.io/security/advisory/2024-04-17/</url>
</references>
<dates>
<discovery>2024-04-17</discovery>
<entry>2024-04-19</entry>
</dates>
</vuln>
<vuln vid="f90bf863-e43c-4db3-b5a8-d9603684657a">
<topic>electron{27,28,29} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.3.11</lt></range>
</package>
<package>
<name>electron28</name>
<range><lt>28.3.1</lt></range>
</package>
<package>
<name>electron29</name>
<range><lt>29.3.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron develpers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.11">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-3515.</li>
<li>Security: backported fix for CVE-2024-3516.</li>
<li>Security: backported fix for CVE-2024-3157.</li>
<li>Security: backported fix for CVE-2024-1580.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3515</cvename>
<url>https://github.com/advisories/GHSA-x6cj-gx36-vcxv</url>
<cvename>CVE-2024-3516</cvename>
<url>https://github.com/advisories/GHSA-jf9g-42gm-v87w</url>
<cvename>CVE-2024-3157</cvename>
<url>https://github.com/advisories/GHSA-4m4g-p795-cmq7</url>
<cvename>CVE-2024-1580</cvename>
<url>https://github.com/advisories/GHSA-3p7f-4r2q-wxmm</url>
</references>
<dates>
<discovery>2024-04-16</discovery>
<entry>2024-04-18</entry>
</dates>
</vuln>
<vuln vid="6d82c5e9-fc24-11ee-a689-04421a1baf97">
<topic>php -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>php81</name>
<range><lt>8.1.28</lt></range>
</package>
<package>
<name>php82</name>
<range><lt>8.2.18</lt></range>
</package>
<package>
<name>php83</name>
<range><lt>8.3.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>This update includes 3 security fixes:</p>
<blockquote cite="https://seclists.org/oss-sec/2024/q2/113/">
<ul>
<li>High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows</li>
<li>High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows</li>
<li>Medium CVE-2024-2756: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix</li>
<li>High CVE-2024-2757: mb_encode_mimeheader runs endlessly for some inputs</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1874</cvename>
<url>https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7</url>
<cvename>CVE-2024-2756</cvename>
<url>https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4</url>
<cvename>CVE-2024-3096</cvename>
<url>https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr</url>
<cvename>CVE-2024-2757</cvename>
<url>https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq</url>
</references>
<dates>
<discovery>2024-04-11</discovery>
<entry>2024-04-16</entry>
</dates>
</vuln>
<vuln vid="cdb5e0e3-fafc-11ee-9c21-901b0e9408dc">
<topic>go -- http2: close connections when receiving too many headers</topic>
<affects>
<package>
<name>go122</name>
<range><lt>1.22.2</lt></range>
</package>
<package>
<name>go121</name>
<range><lt>1.21.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://go.dev/issue/65051">
<p>http2: close connections when receiving too many headers</p>
<p>Maintaining HPACK state requires that we parse and
process all HEADERS and CONTINUATION frames on a
connection. When a request's headers exceed MaxHeaderBytes,
we don't allocate memory to store the excess headers but we
do parse them. This permits an attacker to cause an HTTP/2
endpoint to read arbitrary amounts of header data, all
associated with a request which is going to be
rejected. These headers can include Huffman-encoded data
which is significantly more expensive for the receiver to
decode than for an attacker to send.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-45288</cvename>
<url>https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M/m/khALNYGdAAAJ</url>
</references>
<dates>
<discovery>2024-04-03</discovery>
<entry>2024-04-15</entry>
</dates>
</vuln>
<vuln vid="7314942b-0889-46f0-b02b-2c60aabe4a82">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>123.0.6312.122</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>123.0.6312.122</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[331237485] High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26</li>
<li>[328859176] High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure on 2024-03-09</li>
<li>[331123811] High CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz on 2024-03-25</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3157</cvename>
<cvename>CVE-2024-3516</cvename>
<cvename>CVE-2024-3515</cvename>
<url>https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html</url>
</references>
<dates>
<discovery>2024-04-10</discovery>
<entry>2024-04-12</entry>
</dates>
</vuln>
<vuln vid="080936ba-fbb7-11ee-abc8-6960f2492b1d">
<topic>PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key</topic>
<affects>
<package>
<name>putty</name>
<range><ge>0.68</ge><lt>0.81</lt></range>
</package>
<package>
<name>putty-nogtk</name>
<range><ge>0.68</ge><lt>0.81</lt></range>
</package>
<package>
<name>filezilla</name>
<range><lt>3.67.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon Tatham reports:</p>
<blockquote cite="https://lists.tartarus.org/pipermail/putty-announce/2024/000038.html">
<p>ECDSA signatures using 521-bit keys (the NIST P521 curve,
otherwise known as ecdsa-sha2-nistp521) were generated with biased
random numbers. This permits an attacker in possession of a few
dozen signatures to RECOVER THE PRIVATE KEY.</p>
<p>Any 521-bit ECDSA private key that PuTTY or Pageant has used to
sign anything should be considered compromised.</p>
<p>Additionally, if you have any 521-bit ECDSA private keys that
you've used with PuTTY, you should consider them to be
compromised: generate new keys, and remove the old public keys
from any authorized_keys files.</p>
</blockquote>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2024-31497">
<p>
A second, independent scenario is that the adversary is an operator
of an SSH server to which the victim authenticates (for remote login
or file copy), [...] and the victim uses the same private key for
SSH connections to other services operated by other entities. Here,
the rogue server operator (who would otherwise have no way to
determine the victim's private key) can derive the victim's private
key, and then use it for unauthorized access to those other
services. If the other services include Git services, then again it
may be possible to conduct supply-chain attacks on software
maintained in Git. This also affects, for example, FileZilla before
3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and
TortoiseSVN through 1.14.6.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-31497</cvename>
<url>https://lists.tartarus.org/pipermail/putty-announce/2024/000038.html</url>
<url>https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html</url>
<url>https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git</url>
<url>https://filezilla-project.org/versions.php</url>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-31497</url>
</references>
<dates>
<discovery>2024-04-01</discovery> <!-- see git.tartarus.org link to commit c193fe9848f -->
<entry>2024-04-16</entry>
</dates>
</vuln>
<vuln vid="31617e47-7eec-4c60-9fdf-8aee61622bab">
<topic>electron{27,28} -- Out of bounds memory access in V8</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.3.10</lt></range>
</package>
<package>
<name>electron28</name>
<range><lt>28.3.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.10">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-3159.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3159</cvename>
<url>https://github.com/advisories/GHSA-mh2p-2x66-3hr4</url>
</references>
<dates>
<discovery>2024-04-10</discovery>
<entry>2024-04-11</entry>
</dates>
</vuln>
<vuln vid="7c217849-f7d7-11ee-a490-84a93843eb75">
<topic>OpenSSL -- Unbounded memory growth with session handling in TLSv1.3</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>3.0.13_3,1</lt></range>
</package>
<package>
<name>openssl31</name>
<range><lt>3.1.5_3</lt></range>
</package>
<package>
<name>openssl32</name>
<range><lt>3.2.1_2</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.13_3</lt></range>
</package>
<package>
<name>openssl31-quictls</name>
<range><lt>3.1.5_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20240408.txt">
<p>Some non-default TLS server configurations can cause unbounded
memory growth when processing TLSv1.3 sessions</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-2511</cvename>
<url>https://www.openssl.org/news/secadv/20240408.txt</url>
</references>
<dates>
<discovery>2024-04-08</discovery>
<entry>2024-04-11</entry>
</dates>
</vuln>
<vuln vid="c092be0e-f7cc-11ee-aa6b-b42e991fc52e">
<topic>forgejo -- HTTP/2 CONTINUATION flood in net/http</topic>
<affects>
<package>
<name>forgejo</name>
<range><lt>1.21.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>security@golang.org reports:</p>
<blockquote cite="https://go.dev/cl/576155">
<p>An attacker may cause an HTTP/2 endpoint to read arbitrary amounts
of header data by sending an excessive number of CONTINUATION frames.
Maintaining HPACK state requires parsing and processing all HEADERS
and CONTINUATION frames on a connection. When a request's
headers exceed MaxHeaderBytes, no memory is allocated to store the
excess headers, but they are still parsed. This permits an attacker
to cause an HTTP/2 endpoint to read arbitrary amounts of header
data, all associated with a request which is going to be rejected.
These headers can include Huffman-encoded data which is significantly
more expensive for the receiver to decode than for an attacker to
send. The fix sets a limit on the amount of excess header frames
we will process before closing a connection.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-45288</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-45288</url>
</references>
<dates>
<discovery>2024-04-04</discovery>
<entry>2024-04-11</entry>
</dates>
</vuln>
<vuln vid="02be46c1-f7cc-11ee-aa6b-b42e991fc52e">
<topic>jose -- DoS vulnerability</topic>
<affects>
<package>
<name>jose</name>
<range><lt>13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md">
<p>
latchset jose through version 11 allows attackers to cause
a denial of service (CPU consumption) via a large p2c (aka
PBES2 Count) value.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-50967</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-50967</url>
</references>
<dates>
<discovery>2024-03-20</discovery>
<entry>2024-04-11</entry>
</dates>
</vuln>
<vuln vid="dad6294c-f7c1-11ee-bb77-001b217b3468">
<topic>Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>16.10.0</ge><lt>16.10.2</lt></range>
<range><ge>16.9.0</ge><lt>16.9.4</lt></range>
<range><lt>16.8.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/04/10/patch-release-gitlab-16-10-2-released/">
<p>Stored XSS injected in diff viewer</p>
<p>Stored XSS via autocomplete results</p>
<p>Redos on Integrations Chat Messages</p>
<p>Redos During Parse Junit Test Report</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3092</cvename>
<cvename>CVE-2024-2279</cvename>
<cvename>CVE-2023-6489</cvename>
<cvename>CVE-2023-6678</cvename>
<url>https://about.gitlab.com/releases/2024/04/10/patch-release-gitlab-16-10-2-released/</url>
</references>
<dates>
<discovery>2024-04-10</discovery>
<entry>2024-04-11</entry>
</dates>
</vuln>
<vuln vid="ea4a2dfc-f761-11ee-af2c-589cfc0f81b0">
<topic>wordpress -- XSS</topic>
<affects>
<package>
<name>wordpress</name>
<name>fr-wordpress-fr_FR</name>
<range><ge>6.5.0,1</ge><lt>6.5.1,1</lt></range>
<range><lt>6.4.4,1</lt></range>
</package>
<package>
<name>ru-wordpress-ru_RU</name>
<name>ja-wordpress-ja</name>
<name>zh-wordpress-zh_CN</name>
<name>zh-wordpress-zh_TW</name>
<name>de-wordpress-de_DE</name>
<range><ge>6.5.0</ge><lt>6.5.1</lt></range>
<range><lt>6.4.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Wordpress team reports:</p>
<blockquote cite="https://wordpress.org/documentation/wordpress-version/version-6-4-4/">
<p>A cross-site scripting (XSS) vulnerability affecting the Avatar block type</p>
</blockquote>
</body>
</description>
<references>
<url>https://wordpress.org/documentation/wordpress-version/version-6-4-4/</url>
</references>
<dates>
<discovery>2024-04-09</discovery>
<entry>2024-04-10</entry>
</dates>
</vuln>
<vuln vid="8e6f684b-f333-11ee-a573-84a93843eb75">
<topic>Apache httpd -- multiple vulnerabilities</topic>
<affects>
<package>
<name>apache24</name>
<range><lt>2.4.59</lt></range>
</package>
<package>
<name>mod_http2</name>
<range><lt>2.0.27</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache httpd project reports:</p>
<blockquote cite="https://downloads.apache.org/httpd/CHANGES_2.4.59">
<p>HTTP/2 DoS by memory exhaustion on endless continuation frames</p>
<p>HTTP Response Splitting in multiple modules</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-27316</cvename>
<cvename>CVE-2024-24795</cvename>
<cvename>CVE-2024-38709</cvename>
<url>https://downloads.apache.org/httpd/CHANGES_2.4.59</url>
</references>
<dates>
<discovery>2024-04-04</discovery>
<entry>2024-04-05</entry>
</dates>
</vuln>
<vuln vid="c2431c4e-622c-4d92-996d-d8b5258ae8c9">
<topic>electron{27,28} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.3.9</lt></range>
</package>
<package>
<name>electron28</name>
<range><lt>28.2.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.9">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-2885.</li>
<li>Security: backported fix for CVE-2024-2883.</li>
<li>Security: backported fix for CVE-2024-2887.</li>
<li>Security: backported fix for CVE-2024-2886.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-2885</cvename>
<url>https://github.com/advisories/GHSA-qccw-wmvp-8pv9</url>
<cvename>CVE-2024-2883</cvename>
<url>https://github.com/advisories/GHSA-gg9c-7j6m-3qq2</url>
<cvename>CVE-2024-2887</cvename>
<url>https://github.com/advisories/GHSA-q75f-2pp5-9phj</url>
<cvename>CVE-2024-2886</cvename>
<url>https://github.com/advisories/GHSA-5pj4-f8gh-j3mr</url>
</references>
<dates>
<discovery>2024-04-03</discovery>
<entry>2024-04-05</entry>
</dates>
</vuln>
<vuln vid="4a026b6c-f2b8-11ee-8e76-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>123.0.6312.105</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>123.0.6312.105</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[329130358] High CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-03-12</li>
<li>[329965696] High CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish on 2024-03-17</li>
<li>[330760873] High CVE-2024-3159: Out of bounds memory access in V8. Reported by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks, via Pwn2Own 2024 on 2024-03-22</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-3156</cvename>
<cvename>CVE-2024-3158</cvename>
<cvename>CVE-2024-3159</cvename>
<url>https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-04-02</discovery>
<entry>2024-04-04</entry>
</dates>
</vuln>
<vuln vid="57561cfc-f24b-11ee-9730-001fc69cd6dc">
<topic>xorg server -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>xorg-server</name>
<name>xephyr</name>
<name>xorg-vfbserver</name>
<range><lt>21.1.12,1</lt></range>
</package>
<package>
<name>xorg-nextserver</name>
<range><lt>21.1.12,2</lt></range>
</package>
<package>
<name>xwayland</name>
<range><lt>23.2.5</lt></range>
</package>
<package>
<name>xwayland-devel</name>
<range><ge>21.0.99.1.672</ge><lt>21.0.99.1.841_1</lt></range>
<range><lt>21.0.99.1.671_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The X.Org project reports:</p>
<blockquote cite="https://lists.x.org/archives/xorg-announce/2024-April/003497.html">
<ul>
<li>
CVE-2024-31080: Heap buffer overread/data leakage in
ProcXIGetSelectedEvents
<p>The ProcXIGetSelectedEvents() function uses the byte-swapped
length of the return data for the amount of data to return to
the client, if the client has a different endianness than
the X server.</p>
</li>
<li>CVE-2024-31081: Heap buffer overread/data leakage in
ProcXIPassiveGrabDevice
<p>The ProcXIPassiveGrabDevice() function uses the byte-swapped
length of the return data for the amount of data to return to
the client, if the client has a different endianness than
the X server.</p>
</li>
<li>CVE-2024-31083: User-after-free in ProcRenderAddGlyphs
<p>The ProcRenderAddGlyphs() function calls the AllocateGlyph()
function to store new glyphs sent by the client to the X server.
AllocateGlyph() would return a new glyph with refcount=0 and
a re-used glyph would end up not changing the refcount at all.
The resulting glyph_new array would thus have multiple entries
pointing to the same non-refcounted glyphs.
ProcRenderAddGlyphs() may free a glyph, resulting in a
use-after-free when the same glyph pointer is then later used.</p>
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-31080</cvename>
<cvename>CVE-2024-31081</cvename>
<cvename>CVE-2024-31083</cvename>
<url>https://lists.x.org/archives/xorg-announce/2024-April/003497.html</url>
</references>
<dates>
<discovery>2024-04-03</discovery>
<entry>2024-04-04</entry>
</dates>
</vuln>
<vuln vid="2e3bea0c-f110-11ee-bc57-00e081b7aa2d">
<topic>jenkins -- HTTP/2 denial of service vulnerability in bundled Jetty</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.444</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.440.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2024-03-20/">
<h1>Description</h1>
<h5>(High) SECURITY-3379 / CVE-2024-22201</h5>
<p>HTTP/2 denial of service vulnerability in bundled Jetty</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-22201</cvename>
<url>https://www.jenkins.io/security/advisory/2024-03-20/</url>
</references>
<dates>
<discovery>2024-03-20</discovery>
<entry>2024-04-02</entry>
</dates>
</vuln>
<vuln vid="d58726ff-ef5e-11ee-8d8e-080027a5b8e9">
<topic>mediawiki -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mediawiki139</name>
<range><lt>1.39.7</lt></range>
</package>
<package>
<name>mediawiki140</name>
<range><lt>1.40.3</lt></range>
</package>
<package>
<name>mediawiki141</name>
<range><lt>1.41.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mediawiki reports:</p>
<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/">
<p>(T355538, CVE-2024-PENDING) SECURITY: XSS in edit summary parser.</p>
<p>(T357760, CVE-2024-PENDING) SECURITY: Denial of service vector via GET
request to Special:MovePage on pages with thousands of subpages.</p>
</blockquote>
</body>
</description>
<references>
<url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/V3WXEPXV2DU6WTVEKK4XHW4QXD5OFKD7/</url>
</references>
<dates>
<discovery>2024-03-15</discovery>
<entry>2024-03-31</entry>
</dates>
</vuln>
<vuln vid="bdcd041e-5811-4da3-9243-573a9890fdb1">
<topic>electron{27,28} -- Object lifecycle issue in V8</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.3.8</lt></range>
</package>
<package>
<name>electron28</name>
<range><lt>28.2.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.8">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-2625.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-2625</cvename>
<url>https://github.com/advisories/GHSA-j7h3-fcrw-g6j8</url>
</references>
<dates>
<discovery>2024-03-28</discovery>
<entry>2024-03-29</entry>
</dates>
</vuln>
<vuln vid="d2992bc2-ed18-11ee-96dc-001b217b3468">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>16.10.0</ge><lt>16.10.1</lt></range>
<range><ge>16.9.0</ge><lt>16.9.3</lt></range>
<range><lt>16.8.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/">
<p>Stored-XSS injected in Wiki page via Banzai pipeline</p>
<p>DOS using crafted emojis</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6371</cvename>
<cvename>CVE-2024-2818</cvename>
<url>https://about.gitlab.com/releases/2024/03/27/security-release-gitlab-16-10-1-released/</url>
</references>
<dates>
<discovery>2024-03-27</discovery>
<entry>2024-03-28</entry>
</dates>
</vuln>
<vuln vid="814af1be-ec63-11ee-8e76-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>123.0.6312.86</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>123.0.6312.86</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html">
<p>This update includes 7 security fixes:</p>
<ul>
<li>[327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03</li>
<li>[328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11</li>
<li>[330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21</li>
<li>[330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-2883</cvename>
<cvename>CVE-2024-2885</cvename>
<cvename>CVE-2024-2886</cvename>
<cvename>CVE-2024-2887</cvename>
<url>https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html</url>
</references>
<dates>
<discovery>2024-03-26</discovery>
<entry>2024-03-27</entry>
</dates>
</vuln>
<vuln vid="8b3be705-eba7-11ee-99b3-589cfc0f81b0">
<topic>phpmyfaq -- multiple vulnerabilities</topic>
<affects>
<package>
<name>phpmyfaq-php81</name>
<name>phpmyfaq-php82</name>
<name>phpmyfaq-php83</name>
<range><lt>3.2.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>phpMyFAQ team reports:</p>
<blockquote cite="https://www.phpmyfaq.de/security/advisory-2024-03-25">
<p>The phpMyFAQ Team has learned of multiple security issues that'd
been discovered in phpMyFAQ 3.2.5 and earlier. phpMyFAQ contains
cross-site scripting (XSS), SQL injection and bypass
vulnerabilities.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72</url>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9</url>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh</url>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r</url>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r</url>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf</url>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx</url>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw</url>
</references>
<dates>
<discovery>2024-03-25</discovery>
<entry>2024-03-26</entry>
</dates>
</vuln>
<vuln vid="f661184a-eb90-11ee-92fc-1c697a616631">
<topic>emacs -- multiple vulnerabilities</topic>
<affects>
<package>
<name>emacs</name>
<name>emacs-canna</name>
<name>emacs-nox</name>
<range><lt>29.3,3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GNU Emacs developers report:</p>
<blockquote cite="https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3">
<p>Emacs 29.3 is an emergency bugfix release intended to fix several security vulnerabilities.</p>
<ul>
<li>Arbitrary Lisp code is no longer evaluated as part of turning on Org mode. This is for security reasons, to avoid evaluating malicious Lisp code.</li>
<li>New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp programs should treat buffer contents with extra caution.</li>
<li>Gnus now treats inline MIME contents as untrusted. To get back previous insecure behavior, 'untrusted-content' should be reset to nil in the buffer.</li>
<li>LaTeX preview is now by default disabled for email attachments. To get back previous insecure behavior, set the variable 'org--latex-preview-when-risky' to a non-nil value.</li>
<li>Org mode now considers contents of remote files to be untrusted. Remote files are recognized by calling 'file-remote-p'.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-30202</cvename>
<cvename>CVE-2024-30203</cvename>
<cvename>CVE-2024-30204</cvename>
<cvename>CVE-2024-30205</cvename>
<url>https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3</url>
</references>
<dates>
<discovery>2024-03-24</discovery>
<entry>2024-03-26</entry>
</dates>
</vuln>
<vuln vid="34f98d06-eb56-11ee-8007-6805ca2fa271">
<topic>quiche -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>quiche</name>
<range><lt>0.20.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Quiche Releases reports:</p>
<blockquote cite="https://github.com/cloudflare/quiche/releases/tag/0.20.1">
<p>This release includes 2 security fixes:</p>
<ul>
<li>
CVE-2024-1410: Unbounded storage of information related to
connection ID retirement, in quiche. Reported by Marten
Seeman (@marten-seeman)
</li>
<li>
CVE-2024-1765: Unlimited resource allocation by QUIC
CRYPTO frames flooding in quiche. Reported by Marten
Seeman (@marten-seeman)
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1410</cvename>
<cvename>CVE-2024-1765</cvename>
<url>https://github.com/cloudflare/quiche/releases/tag/0.20.1</url>
</references>
<dates>
<discovery>2024-03-12</discovery>
<entry>2024-03-26</entry>
</dates>
</vuln>
<vuln vid="80815c47-e84f-11ee-8e76-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>123.0.6312.58</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>123.0.6312.58</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html">
<p>This update includes 12 security fixes:</p>
<ul>
<li>[327740539] High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-03-01</li>
<li>[40945098] Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22</li>
<li>[41493290] Medium CVE-2024-2627: Use after free in Canvas. Reported by Anonymous on 2024-01-21</li>
<li>[41487774] Medium CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s on 2024-01-03</li>
<li>[41487721] Medium CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02</li>
<li>[41481877] Medium CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07</li>
<li>[41495878] Low CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar on 2024-01-29</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-2625</cvename>
<cvename>CVE-2024-2626</cvename>
<cvename>CVE-2024-2627</cvename>
<cvename>CVE-2024-2628</cvename>
<cvename>CVE-2024-2629</cvename>
<cvename>CVE-2024-2630</cvename>
<cvename>CVE-2024-2631</cvename>
<url>https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html</url>
</references>
<dates>
<discovery>2024-03-19</discovery>
<entry>2024-03-22</entry>
</dates>
</vuln>
<vuln vid="7a7129ef-e790-11ee-a1c0-0050569f0b83">
<topic>security/shibboleth-idp -- CAS service SSRF</topic>
<affects>
<package>
<name>shibboleth-idp</name>
<range><ge>4.3.0</ge><lt>4.3.2</lt></range>
<range><ge>5.0.0</ge><lt>5.1.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Shibboleth Developers report:</p>
<blockquote cite="https://shibboleth.net/community/advisories/secadv_20240320.txt">
<p>The Identity Provider's CAS support relies on a function in the
Spring Framework to parse CAS service URLs and append the ticket
parameter.</p>
</blockquote>
</body>
</description>
<references>
<url>https://shibboleth.net/community/advisories/secadv_20240320.txt</url>
</references>
<dates>
<discovery>2024-03-20</discovery>
<entry>2024-03-21</entry>
</dates>
</vuln>
<vuln vid="a8448963-e6f5-11ee-a784-dca632daf43b">
<topic>databases/mongodb* -- Improper Certificate Validation</topic>
<affects>
<package>
<name>mongodb44</name>
<range><lt>4.4.29</lt></range>
</package>
<package>
<name>mongodb50</name>
<range><lt>5.0.25</lt></range>
</package>
<package>
<name>mongodb60</name>
<range><lt>6.0.14</lt></range>
</package>
<package>
<name>mongodb70</name>
<range><lt>7.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MongoDB, Inc. reports:</p>
<blockquote cite="https://jira.mongodb.org/browse/SERVER-72839">
<p>A security vulnerability was found where a server process
running MongoDB 3.2.6 or later will allow incoming connections
to skip peer certificate validation if the server process was
started with TLS enabled (net.tls.mode set to allowTLS,
preferTLS, or requireTLS) and without a net.tls.CAFile
configured (CVE-2024-1351).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1351</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-1351</url>
</references>
<dates>
<discovery>2024-03-07</discovery>
<entry>2024-03-20</entry>
</dates>
</vuln>
<vuln vid="05b7180b-e571-11ee-a1c0-0050569f0b83">
<topic>www/varnish7 -- Denial of Service</topic>
<affects>
<package>
<name>varnish7</name>
<range><lt>7.4.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Varnish Development Team reports:</p>
<blockquote cite="https://varnish-cache.org/security/VSV00014.html#vsv00014">
<p>A denial of service attack can be performed on Varnish Cacher servers
that have the HTTP/2 protocol turned on. An attacker can let the
servers HTTP/2 connection control flow window run out of credits
indefinitely and prevent progress in the processing of streams,
retaining the associated resources.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-43622</cvename>
<url>https://varnish-cache.org/security/VSV00014.html#vsv00014</url>
</references>
<dates>
<discovery>2019-04-19</discovery>
<entry>2024-03-18</entry>
</dates>
</vuln>
<vuln vid="0a48e552-e470-11ee-99b3-589cfc0f81b0">
<topic>amavisd-new -- multipart boundary confusion</topic>
<affects>
<package>
<name>amavisd-new</name>
<range><lt>2.12.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Amavis project reports:</p>
<blockquote cite="https://gitlab.com/amavis/amavis/-/raw/v2.12.3/README_FILES/README.CVE-2024-28054">
<p>Emails which consist of multiple parts (`Content-Type: multipart/*`)
incorporate boundary information stating at which point one part ends and the
next part begins.</p>
<p>A boundary is announced by an Content-Type header's `boundary` parameter. To
our current knowledge, RFC2046 and RFC2045 do not explicitly specify how a
parser should handle multiple boundary parameters that contain conflicting
values. As a result, there is no canonical choice which of the values should or
should not be used for mime part decomposition.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-28054</cvename>
<url>https://gitlab.com/amavis/amavis/-/raw/v2.12.3/README_FILES/README.CVE-2024-28054</url>
</references>
<dates>
<discovery>2024-03-14</discovery>
<entry>2024-03-17</entry>
</dates>
</vuln>
<vuln vid="1ad3d264-e36b-11ee-9c27-40b034429ecf">
<topic>typo3-{11,12} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>typo3-11</name>
<range><lt>11.5.35</lt></range>
</package>
<package>
<name>typo3-12</name>
<range><lt>12.4.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Typo3 developers reports:</p>
<blockquote cite="https://typo3.org/article/typo3-1301-12411-and-11535-security-releases-published">
<p>All versions are security releases and contain important security fixes - read the corresponding security advisories here:</p>
<ul>
<li>Path Traversal in TYPO3 File Abstraction Layer Storages CVE-2023-30451</li>
<li>Code Execution in TYPO3 Install Tool CVE-2024-22188</li>
<li>Information Disclosure of Hashed Passwords in TYPO3 Backend Forms CVE-2024-25118</li>
<li>Information Disclosure of Encryption Key in TYPO3 Install Tool CVE-2024-25119</li>
<li>Improper Access Control of Resources Referenced by t3:// URI Scheme CVE-2024-25120</li>
<li>Improper Access Control Persisting File Abstraction Layer Entities via Data Handler CVE-2024-25121</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-30451</cvename>
<cvename>CVE-2024-22188</cvename>
<cvename>CVE-2024-25118</cvename>
<cvename>CVE-2024-25119</cvename>
<cvename>CVE-2024-25120</cvename>
<cvename>CVE-2024-25121</cvename>
<url>https://typo3.org/article/typo3-1301-12411-and-11535-security-releases-published</url>
</references>
<dates>
<discovery>2024-02-13</discovery>
<entry>2024-03-16</entry>
</dates>
</vuln>
<vuln vid="49dd9362-4473-48ae-8fac-e1b69db2dedf">
<topic>electron{27,28} -- Out of bounds memory access in V8</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.3.6</lt></range>
</package>
<package>
<name>electron28</name>
<range><lt>28.2.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.6">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-2173.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-2173</cvename>
<url>https://github.com/advisories/GHSA-6hhg-hj7x-7qv8</url>
</references>
<dates>
<discovery>2024-03-13</discovery>
<entry>2024-03-14</entry>
</dates>
</vuln>
<vuln vid="b6dd9d93-e09b-11ee-92fc-1c697a616631">
<topic>Intel CPUs -- multiple vulnerabilities</topic>
<affects>
<package>
<name>cpu-microcode-intel</name>
<range><lt>20240312</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Intel reports:</p>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00972.html">
<p>2024.1 IPU - Intel Processor Bus Lock Advisory</p>
<p>A potential security vulnerability in the bus lock regulator
mechanism for some Intel Processors may allow denial of service. Intel
is releasing firmware updates to mitigate this potential
vulnerability.</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html">
<p>2024.1 IPU - Intel Processor Return Predictions Advisory</p>
<p>A potential security vulnerability in some Intel Processors may
allow information disclosure.</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00898.html">
<p>2024.1 IPU - Intel Atom Processor Advisory</p>
<p>A potential security vulnerability in some Intel Atom Processors
may allow information disclosure.</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00960.html">
<p>2024.1 IPU - Intel Xeon Processor Advisory</p>
<p>A potential security vulnerability in some 3rd and 4th Generation
Intel Xeon Processors when using Intel Software Guard Extensions (SGX)
or Intel Trust Domain Extensions (TDX) may allow escalation of
privilege.</p>
</blockquote>
<blockquote cite="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html">
<p>2024.1 IPU OOB - Intel Xeon D Processor Advisory</p>
<p>A potential security vulnerability in some Intel Xeon D Processors
with Intel Software Guard Extensions (SGX) may allow information
disclosure.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-39368</cvename>
<cvename>CVE-2023-38575</cvename>
<cvename>CVE-2023-28746</cvename>
<cvename>CVE-2023-22655</cvename>
<cvename>CVE-2023-43490</cvename>
<url>https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20240312</url>
</references>
<dates>
<discovery>2023-03-12</discovery>
<entry>2024-03-12</entry>
</dates>
</vuln>
<vuln vid="6d31ef38-df85-11ee-abf1-6c3be5272acd">
<topic>Grafana -- Data source permission escalation</topic>
<affects>
<package>
<name>grafana</name>
<range><ge>8.5.0</ge><lt>9.5.17</lt></range>
<range><ge>10.0.0</ge><lt>10.0.12</lt></range>
<range><ge>10.1.0</ge><lt>10.1.8</lt></range>
<range><ge>10.2.0</ge><lt>10.2.5</lt></range>
<range><ge>10.3.0</ge><lt>10.3.4</lt></range>
</package>
<package>
<name>grafana9</name>
<range><lt>9.5.17</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2024/03/07/grafana-security-release-medium-severity-security-fix-for-cve-2024-1442/">
<p>The vulnerability impacts Grafana Cloud and Grafana Enterprise instances,
and it is exploitable if a user who should not be able to access all data
sources is granted permissions to create a data source.</p>
<p>By default, only organization Administrators are allowed to create a data
source and have full access to all data sources. All other users need to be
explicitly granted permission to create a data source, which then means they
could exploit this vulnerability.</p>
<p>When a user creates a data source via the
<a href="https://grafana.com/docs/grafana/latest/developers/http_api/data_source/#create-a-data-source">API</a>,
they can specify data source UID. If the UID is set to an asterisk (*),
the user gains permissions to query, update, and delete all data sources
in the organization. The exploit, however, does not stretch across
organizations — to exploit the vulnerability in several organizations, a user
would need permissions to create data sources in each organization.</p>
<p>The vulnerability comes from a lack of UID validation. When evaluating
permissions, we interpret an asterisk (*) as a wild card for all resources.
Therefore, we should treat it as a reserved value, and not allow the creation
of a resource with the UID set to an asterisk.</p>
<p>The CVSS score for this vulnerability is
<a href="https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L&version=3.1">6 Medium</a>.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1442</cvename>
<url>https://grafana.com/security/security-advisories/cve-2024-1442/</url>
</references>
<dates>
<discovery>2024-02-12</discovery>
<entry>2024-03-11</entry>
<modified>2024-03-26</modified>
</dates>
</vuln>
<vuln vid="c2ad8700-de25-11ee-9190-84a93843eb75">
<topic>Unbound -- Denial-of-Service vulnerability</topic>
<affects>
<package>
<name>unbound</name>
<range><gt>1.18.0</gt><lt>1.19.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NLNet Labs reports:</p>
<blockquote cite="https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt">
<p>Unbound 1.18.0 introduced a feature that removes EDE records from
responses with size higher than the client's advertised buffer size.
Before removing all the EDE records however, it would try to see if
trimming the extra text fields on those records would result in an
acceptable size while still retaining the EDE codes. Due to an
unchecked condition, the code that trims the text of the EDE records
could loop indefinitely. This happens when Unbound would reply with
attached EDE information on a positive reply and the client's buffer
size is smaller than the needed space to include EDE records.
The vulnerability can only be triggered when the 'ede: yes' option
is used; non default configuration.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1931</cvename>
<url>https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt</url>
</references>
<dates>
<discovery>2024-03-07</discovery>
<entry>2024-03-09</entry>
</dates>
</vuln>
<vuln vid="e74da31b-276a-4a22-9772-17dd42b97559">
<topic>electron{27,28} -- vulnerability in libxml2</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.3.5</lt></range>
</package>
<package>
<name>electron28</name>
<range><lt>28.2.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.5">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-25062.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-25062</cvename>
<url>https://github.com/advisories/GHSA-x77r-6xxm-wjmx</url>
</references>
<dates>
<discovery>2024-03-06</discovery>
<entry>2024-03-07</entry>
</dates>
</vuln>
<vuln vid="b2caae55-dc38-11ee-96dc-001b217b3468">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>16.9.0</ge><lt>16.9.2</lt></range>
<range><ge>16.8.0</ge><lt>16.8.4</lt></range>
<range><ge>11.3.0</ge><lt>16.7.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/">
<p>Bypassing CODEOWNERS approval allowing to steal protected variables</p>
<p>Guest with manage group access tokens can rotate and see group access token with owner permissions</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0199</cvename>
<cvename>CVE-2024-1299</cvename>
<url>https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/</url>
</references>
<dates>
<discovery>2024-03-06</discovery>
<entry>2024-03-07</entry>
</dates>
</vuln>
<vuln vid="b1b039ec-dbfc-11ee-9165-901b0e9408dc">
<topic>go -- multiple vulnerabilities</topic>
<affects>
<package>
<name>go122</name>
<range><lt>1.22.1</lt></range>
</package>
<package>
<name>go121</name>
<range><lt>1.21.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports reports:</p>
<blockquote cite="https://go.dev/issue/65390">
<p>crypto/x509: Verify panics on certificates with an
unknown public key algorithm</p>
<p>Verifying a certificate chain which contains a
certificate with an unknown public key algorithm will
cause Certificate.Verify to panic.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/65383">
<p>net/http: memory exhaustion in Request.ParseMultipartForm</p>
<p>When parsing a multipart form (either explicitly with
Request.ParseMultipartForm or implicitly with Request.FormValue,
Request.PostFormValue, or Request.FormFile), limits on the total
size of the parsed form were not applied to the memory consumed
while reading a single form line. This permitted a maliciously
crafted input containing very long lines to cause allocation of
arbitrarily large amounts of memory, potentially leading to memory
exhaustion.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/65065">
<p>net/http, net/http/cookiejar: incorrect forwarding
of sensitive headers and cookies on HTTP redirect</p>
<p>When following an HTTP redirect to a domain which
is not a subdomain match or exact match of the initial
domain, an http.Client does not forward sensitive headers
such as "Authorization" or "Cookie". For example, a
redirect from foo.com to www.foo.com will forward the
Authorization header, but a redirect to bar.com will not.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/65697">
<p>html/template: errors returned from MarshalJSON methods
may break template escaping</p>
<p>If errors returned from MarshalJSON methods contain user
controlled data, they may be used to break the contextual
auto-escaping behavior of the html/template package, allowing
for subsequent actions to inject unexpected content into
templates.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/65083">
<p>net/mail: comments in display names are incorrectly handled</p>
<p>The ParseAddressList function incorrectly handles comments
(text within parentheses) within display names. Since this is a
misalignment with conforming address parsers, it can result in
different trust decisions being made by programs using different
parsers.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-45289</cvename>
<cvename>CVE-2023-45290</cvename>
<cvename>CVE-2024-24783</cvename>
<cvename>CVE-2024-24784</cvename>
<cvename>CVE-2024-24785</cvename>
<url>https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg/m/46oA5yPABQAJ</url>
</references>
<dates>
<discovery>2024-03-05</discovery>
<entry>2024-03-06</entry>
</dates>
</vuln>
<vuln vid="fd3401a1-b6df-4577-917a-2c22fee99d34">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>122.0.6261.111</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>122.0.6261.111</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[325893559] High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19</li>
<li>[325866363] High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19</li>
<li>[325936438] High CVE-2024-2176: Use after free in FedCM. Reported by Anonymous on 2024-02-20</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-2173</cvename>
<cvename>CVE-2024-2174</cvename>
<cvename>CVE-2024-2176</cvename>
<url>https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-03-05</discovery>
<entry>2024-03-06</entry>
</dates>
</vuln>
<vuln vid="0ef3398e-da21-11ee-b23a-080027a5b8e9">
<topic>Django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py39-django32</name>
<name>py310-django32</name>
<name>py311-django32</name>
<range><lt>3.2.25</lt></range>
</package>
<package>
<name>py39-django42</name>
<name>py310-django42</name>
<name>py311-django42</name>
<range><lt>4.2.11</lt></range>
</package>
<package>
<name>py310-django50</name>
<name>py311-django50</name>
<range><lt>5.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2024/mar/04/security-releases/">
<p>CVE-2024-27351: Potential regular expression denial-of-service in
django.utils.text.Truncator.words().</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-27351</cvename>
<url>https://www.djangoproject.com/weblog/2024/mar/04/security-releases/</url>
</references>
<dates>
<discovery>2024-02-25</discovery>
<entry>2024-03-04</entry>
</dates>
</vuln>
<vuln vid="77a6f1c9-d7d2-11ee-bb12-001b217b3468">
<topic>NodeJS -- Vulnerabilities</topic>
<affects>
<package>
<name>node</name>
<range><ge>21.0.0</ge><lt>21.6.2</lt></range>
<range><ge>20.0.0</ge><lt>20.11.1</lt></range>
<range><ge>18.0.0</ge><lt>18.19.1</lt></range>
<range><ge>16.0.0</ge><lt>16.20.3</lt></range>
</package>
<package>
<name>node16</name>
<range><ge>16.0.0</ge><lt>16.20.3</lt></range>
</package>
<package>
<name>node18</name>
<range><ge>18.0.0</ge><lt>18.19.1</lt></range>
</package>
<package>
<name>node20</name>
<range><ge>20.0.0</ge><lt>20.11.1</lt></range>
</package>
<package>
<name>node21</name>
<range><ge>21.0.0</ge><lt>21.6.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Node.js reports:</p>
<blockquote cite="https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#2024-02-14-version-20111-iron-lts-rafaelgss-prepared-by-marco-ippolito">
<p>Code injection and privilege escalation through Linux capabilities- (High)</p>
<p>http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)</p>
<p>Path traversal by monkey-patching Buffer internals- (High)</p>
<p>setuid() does not drop all privileges due to io_uring - (High)</p>
<p>Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)</p>
<p>Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)</p>
<p>Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)</p>
<p>Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-21892</cvename>
<cvename>CVE-2024-22019</cvename>
<cvename>CVE-2024-21896</cvename>
<cvename>CVE-2024-22017</cvename>
<cvename>CVE-2023-46809</cvename>
<cvename>CVE-2024-21891</cvename>
<cvename>CVE-2024-21890</cvename>
<cvename>CVE-2024-22025</cvename>
<url>https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#2024-02-14-version-20111-iron-lts-rafaelgss-prepared-by-marco-ippolito</url>
</references>
<dates>
<discovery>2024-02-14</discovery>
<entry>2024-03-01</entry>
</dates>
</vuln>
<vuln vid="3567456a-6b17-41f7-ba7f-5cd3efb2b7c9">
<topic>electron{27,28} -- Use after free in Mojo</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.3.4</lt></range>
</package>
<package>
<name>electron28</name>
<range><lt>28.2.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.4">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-1670.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1670</cvename>
<url>https://github.com/advisories/GHSA-wjv4-j3hc-gxvv</url>
</references>
<dates>
<discovery>2024-02-28</discovery>
<entry>2024-02-29</entry>
</dates>
</vuln>
<vuln vid="31bb1b8d-d6dc-11ee-86bb-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>122.0.6261.94</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>122.0.6261.94</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[324596281] High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11</li>
<li>[323694592] High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2024-02-05</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1938</cvename>
<cvename>CVE-2024-1939</cvename>
<url>https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html</url>
</references>
<dates>
<discovery>2024-02-27</discovery>
<entry>2024-02-29</entry>
</dates>
</vuln>
<vuln vid="3dada2d5-4e17-4e39-97dd-14fdbd4356fb">
<topic>null -- Routinator terminates when RTR connection is reset too quickly after opening</topic>
<affects>
<package>
<name>null</name>
<range><lt>null</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>sep@nlnetlabs.nl reports:</p>
<blockquote cite="https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt">
<p>Due to a mistake in error checking, Routinator will terminate when
an incoming RTR connection is reset by the peer too quickly after
opening.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1622</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2024-1622</url>
</references>
<dates>
<discovery>2024-02-26</discovery>
<entry>2024-02-28</entry>
</dates>
</vuln>
<vuln vid="02e33cd1-c655-11ee-8613-08002784c58d">
<topic>curl -- OCSP verification bypass with TLS session reuse</topic>
<affects>
<package>
<name>curl</name>
<range><lt>8.6.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Hiroki Kurosawa reports:</p>
<blockquote cite="https://curl.se/docs/CVE-2024-0853.html">
<p>
curl inadvertently kept the SSL session ID for connections
in its cache even when the verify status (OCSP stapling)
test failed. A subsequent transfer to the same hostname
could then succeed if the session ID cache was still
fresh, which then skipped the verify status check.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0853</cvename>
<url>https://curl.se/docs/CVE-2024-0853.html</url>
</references>
<dates>
<discovery>2024-01-31</discovery>
<entry>2024-02-28</entry>
</dates>
</vuln>
<vuln vid="5ecfb588-d2f4-11ee-ad82-dbdfaa8acfc2">
<topic>gitea -- Fix XSS vulnerabilities</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.21.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<ul>
<li>The Wiki page did not sanitize author name</li>
<li>the reviewer name on a "dismiss review" comment is also affected</li>
<li>the migration page has some spots</li>
</ul>
</body>
</description>
<references>
<url>https://blog.gitea.com/release-of-1.21.6/</url>
</references>
<dates>
<discovery>2024-02-23</discovery>
<entry>2024-02-24</entry>
</dates>
</vuln>
<vuln vid="2a470712-d351-11ee-86bb-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>122.0.6261.57</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>122.0.6261.57</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html">
<p>This update includes 12 security fixes:</p>
<ul>
<li>[41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26</li>
<li>[41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06</li>
<li>[41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03</li>
<li>[41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19</li>
<li>[41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11</li>
<li>[40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27</li>
<li>[41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko on 2023-12-21</li>
<li>[40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21</li>
</ul>
</blockquote>
</body>
</description>
<references>
<url>https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html</url>
</references>
<dates>
<discovery>2024-02-20</discovery>
<entry>2024-02-24</entry>
</dates>
</vuln>
<vuln vid="6a851dc0-cfd2-11ee-ac09-6c3be5272acd">
<topic>Grafana -- Email verification is not required after email change</topic>
<affects>
<package>
<name>grafana</name>
<range><lt>9.5.16</lt></range>
<range><ge>10.0.0</ge><lt>10.0.11</lt></range>
<range><ge>10.1.0</ge><lt>10.1.7</lt></range>
<range><ge>10.2.0</ge><lt>10.2.4</lt></range>
<range><ge>10.3.0</ge><lt>10.3.3</lt></range>
</package>
<package>
<name>grafana9</name>
<range><lt>9.5.16</lt></range>
</package>
<package>
<name>grafana10</name>
<range><lt>10.0.11</lt></range>
<range><ge>10.1.0</ge><lt>10.1.7</lt></range>
<range><ge>10.2.0</ge><lt>10.2.4</lt></range>
<range><ge>10.3.0</ge><lt>10.3.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2024/02/14/grafana-security-release-medium-severity-security-fix-for-cve-2023-6152/">
<p>The vulnerability impacts instances where
<a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/grafana/">
Grafana basic authentication</a> is enabled.</p>
<p>Grafana has a
<a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#verify_email_enabled">
verify_email_enabled</a> configuration option. When this option is enabled,
users are required to confirm their email addresses before the sign-up process
is complete. However, the email is only checked at the time of the sign-up.
No further verification is carried out if a user’s email address is updated
after the initial sign-up. Moreover, Grafana allows using an email address
as the user’s login name, and no verification is ever carried out for this email
address.</p>
<p>This means that even if the
<a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#verify_email_enabled">
verify_email_enabled</a> configuration option is enabled, users can use
unverified email addresses to log into Grafana if the email address
has been changed after the sign up, or if an email address is set as the login
name.</p>
<p>The CVSS score for this vulnerability is [5.4 Medium] (CVSS).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6152</cvename>
<url>https://grafana.com/security/security-advisories/cve-2023-6152/</url>
</references>
<dates>
<discovery>2023-11-10</discovery>
<entry>2024-02-20</entry>
</dates>
</vuln>
<vuln vid="255bf44c-d298-11ee-9c27-40b034429ecf">
<topic>dns/c-ares -- malformatted file causes application crash</topic>
<affects>
<package>
<name>c-ares</name>
<range><lt>1.27.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>c-ares project reports:</p>
<blockquote cite="https://c-ares.org/changelog.html">
<p>Reading malformatted /etc/resolv.conf, /etc/nsswitch.conf or the HOSTALIASES file could result in a crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-25629</cvename>
<url>https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q</url>
</references>
<dates>
<discovery>2024-02-23</discovery>
<entry>2024-02-23</entry>
</dates>
</vuln>
<vuln vid="979dc373-d27d-11ee-8b84-b42e991fc52e">
<topic>suricata -- multiple vulnerabilities</topic>
<affects>
<package>
<name>suricata</name>
<range><lt>7.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Suricata team reports:</p>
<blockquote cite="https://suricata.io/2024/02/08/suricata-7-0-3-and-6-0-16-released/">
<p>Multiple vulnerabilities fixed in the last release of suricata.</p>
</blockquote>
<p>No details have been disclosed yet</p>
</body>
</description>
<references>
<cvename>CVE-2024-23839</cvename>
<cvename>CVE-2024-23836</cvename>
<cvename>CVE-2024-23835</cvename>
<cvename>CVE-2024-24568</cvename>
<cvename>CVE-2024-23837</cvename>
</references>
<dates>
<discovery>2024-01-22</discovery>
<entry>2024-02-23</entry>
</dates>
</vuln>
<vuln vid="80ad6d6c-b398-457f-b88f-bf6be0bbad44">
<topic>electron27 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.3.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.3">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-1283.</li>
<li>Security: backported fix for CVE-2024-1284.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1283</cvename>
<url>https://github.com/advisories/GHSA-7mgj-p9v3-3vxr</url>
<cvename>CVE-2024-1284</cvename>
<url>https://github.com/advisories/GHSA-pf89-rhhw-xmhp</url>
</references>
<dates>
<discovery>2024-02-21</discovery>
<entry>2024-02-23</entry>
</dates>
</vuln>
<vuln vid="03bf5157-d145-11ee-acee-001b217b3468">
<topic>Gitlab -- Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>16.9.0</ge><lt>16.9.1</lt></range>
<range><ge>16.8.0</ge><lt>16.8.3</lt></range>
<range><ge>11.3.0</ge><lt>16.7.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/">
<p>Stored-XSS in user's profile page</p>
<p>User with "admin_group_members" permission can invite other groups to gain owner access</p>
<p>ReDoS issue in the Codeowners reference extractor</p>
<p>LDAP user can reset password using secondary email and login using direct authentication</p>
<p>Bypassing group ip restriction settings to access environment details of projects through Environments/Operations Dashboard</p>
<p>Users with the Guest role can change Custom dashboard projects settings for projects in the victim group</p>
<p>Group member with sub-maintainer role can change title of shared private deploy keys</p>
<p>Bypassing approvals of CODEOWNERS</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1451</cvename>
<cvename>CVE-2023-6477</cvename>
<cvename>CVE-2023-6736</cvename>
<cvename>CVE-2024-1525</cvename>
<cvename>CVE-2023-4895</cvename>
<cvename>CVE-2024-0861</cvename>
<cvename>CVE-2023-3509</cvename>
<cvename>CVE-2024-0410</cvename>
<url>https://about.gitlab.com/releases/2024/02/21/security-release-gitlab-16-9-1-released/</url>
</references>
<dates>
<discovery>2024-02-21</discovery>
<entry>2024-02-22</entry>
</dates>
</vuln>
<vuln vid="e15ba624-cca8-11ee-84ca-b42e991fc52e">
<topic>powerdns-recursor -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>powerdns-recursor</name>
<range><lt>5.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://access.redhat.com/security/cve/CVE-2023-50868">
<p>CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155
when RFC 9276 guidance is skipped) allows remote attackers to cause
a denial of service (CPU consumption for SHA-1 computations) via
DNSSEC responses in a random subdomain attack, aka the "NSEC3"
issue. The RFC 5155 specification implies that an algorithm must
perform thousands of iterations of a hash function in certain
situations.</p>
<p>CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035,
6840, and related RFCs) allow remote attackers to cause a denial
of service (CPU consumption) via one or more DNSSEC responses, aka
the "KeyTrap" issue. One of the concerns is that, when
there is a zone with many DNSKEY and RRSIG records, the protocol
specification implies that an algorithm must evaluate all combinations
of DNSKEY and RRSIG records.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-50868</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-50868</url>
<cvename>CVE-2023-50387</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-50387</url>
</references>
<dates>
<discovery>2024-02-14</discovery>
<entry>2024-02-16</entry>
</dates>
</vuln>
<vuln vid="c97a4ecf-cc25-11ee-b0ee-0050569f0b83">
<topic>nginx-devel -- Multiple Vulnerabilities in HTTP/3</topic>
<affects>
<package>
<name>nginx-devel</name>
<range><ge>1.25.0</ge><lt>1.25.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx development team reports:</p>
<blockquote cite="http://nginx.org/en/security_advisories.html">
<p>When using HTTP/3 a segmentation fault might occur in a
worker process while processing a specially crafted QUIC session.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24989</cvename>
<cvename>CVE-2024-24990</cvename>
</references>
<dates>
<discovery>2024-02-14</discovery>
<entry>2024-02-15</entry>
</dates>
</vuln>
<vuln vid="46a29f83-cb47-11ee-b609-002590c1f29c">
<topic>FreeBSD -- jail(2) information leak</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>14.0</ge><lt>14.0_5</lt></range>
<range><ge>13.2</ge><lt>13.2_10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The jail(2) system call has not limited a visiblity of allocated
TTYs (the kern.ttys sysctl). This gives rise to an information
leak about processes outside the current jail.</p>
<h1>Impact:</h1>
<p>Attacker can get information about TTYs allocated on the host
or in other jails. Effectively, the information printed by "pstat
-t" may be leaked.</p>
</body>
</description>
<references>
<cvename>CVE-2024-25941</cvename>
<freebsdsa>SA-24:02.tty</freebsdsa>
</references>
<dates>
<discovery>2024-02-14</discovery>
<entry>2024-02-14</entry>
</dates>
</vuln>
<vuln vid="c62285cb-cb46-11ee-b609-002590c1f29c">
<topic>FreeBSD -- bhyveload(8) host file access</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.0</ge><lt>14.0_5</lt></range>
<range><ge>13.2</ge><lt>13.2_10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>`bhyveload -h <host-path>` may be used to grant loader access
to the <host-path> directory tree on the host. Affected versions
of bhyveload(8) do not make any attempt to restrict loader's access
to <host-path>, allowing the loader to read any file the host user
has access to.</p>
<h1>Impact:</h1>
<p>In the bhyveload(8) model, the host supplies a userboot.so to
boot with, but the loader scripts generally come from the guest
image. A maliciously crafted script could be used to exfiltrate
sensitive data from the host accessible to the user running
bhyhveload(8), which is often the system root.</p>
</body>
</description>
<references>
<cvename>CVE-2024-25940</cvename>
<freebsdsa>SA-24:01.bhyveload</freebsdsa>
</references>
<dates>
<discovery>2024-02-14</discovery>
<entry>2024-02-14</entry>
</dates>
</vuln>
<vuln vid="4edbea45-cb0c-11ee-86bb-a8a1599412c6">
<topic>chromium -- security fix</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>121.0.6167.184</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>121.0.6167.184</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html">
<p>This update includes 1 security fix.</p>
</blockquote>
</body>
</description>
<references>
<url>https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html</url>
</references>
<dates>
<discovery>2024-02-13</discovery>
<entry>2024-02-14</entry>
</dates>
</vuln>
<vuln vid="21a854cc-cac1-11ee-b7a7-353f1e043d9a">
<topic>DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities</topic>
<affects>
<package>
<name>bind916</name>
<range><lt>9.16.48</lt></range>
</package>
<package>
<name>bind918</name>
<range><lt>9.18.24</lt></range>
</package>
<package>
<name>bind9-devel</name>
<range><lt>9.19.21</lt></range>
</package>
<package>
<name>dnsmasq</name>
<range><lt>2.90</lt></range>
</package>
<package>
<name>dnsmasq-devel</name>
<range><lt>2.90</lt></range>
</package>
<package>
<name>powerdns-recursor</name>
<range><lt>5.0.2</lt></range>
</package>
<package>
<name>unbound</name>
<range><lt>1.19.1</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>14.0</ge><lt>14.0_6</lt></range>
<range><ge>13.2</ge><lt>13.2_11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon Kelley reports:</p>
<blockquote cite="https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html">
<p>If DNSSEC validation is enabled, then an attacker who can force a
DNS server to validate a specially crafted signed domain can use a
lot of CPU in the validator. This only affects dnsmasq installations
with DNSSEC enabled.</p>
</blockquote>
<p>Stichting NLnet Labs reports:</p>
<blockquote cite="https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/">
<p>
The KeyTrap [CVE-2023-50387] vulnerability works by using a
combination of Keys (also colliding Keys), Signatures and number of
RRSETs on a malicious zone. Answers from that zone can force a
DNSSEC validator down a very CPU intensive and time costly
validation path.
</p>
<p>
The NSEC3 [CVE-2023-50868] vulnerability uses specially crafted responses on a
malicious zone with multiple NSEC3 RRSETs to force a DNSSEC
validator down a very CPU intensive and time costly NSEC3 hash
calculation path.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-50387</cvename>
<cvename>CVE-2023-50868</cvename>
<url>https://kb.isc.org/docs/cve-2023-50387</url>
<url>https://kb.isc.org/docs/cve-2023-50868</url>
<url>https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html</url>
<url>https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released</url>
<url>https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/</url>
<freebsdsa>SA-24:03.unbound</freebsdsa>
</references>
<dates>
<discovery>2024-02-06</discovery>
<entry>2024-02-13</entry>
<modified>2024-04-01</modified>
</dates>
</vuln>
<vuln vid="cbfc1591-c8c0-11ee-b45a-589cfc0f81b0">
<topic>phpmyfaq -- multiple vulnerabilities</topic>
<affects>
<package>
<name>phpmyfaq-php81</name>
<name>phpmyfaq-php82</name>
<name>phpmyfaq-php83</name>
<range><lt>3.2.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>phpMyFAQ team reports:</p>
<blockquote cite="https://www.phpmyfaq.de/security/advisory-2024-02-05">
<p>phpMyFAQ doesn't implement sufficient checks to avoid XSS when
storing on attachments filenames. The 'sharing FAQ' functionality
allows any unauthenticated actor to misuse the phpMyFAQ application
to send arbitrary emails to a large range of targets. phpMyFAQ's
user removal page allows an attacker to spoof another user's
detail, and in turn make a compelling phishing case for removing
another user's account.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx</url>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg</url>
<url>https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35</url>
</references>
<dates>
<discovery>2024-02-05</discovery>
<entry>2024-02-11</entry>
</dates>
</vuln>
<vuln vid="f161a5ad-c9bd-11ee-b7a7-353f1e043d9a">
<topic>openexr -- Heap Overflow in Scanline Deep Data Parsing</topic>
<affects>
<package>
<name>openexr</name>
<range><lt>3.1.12</lt></range>
<range><ge>3.2.0</ge><lt>3.2.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Austin Hackers Anonymous report:</p>
<blockquote cite="https://takeonme.org/cves/CVE-2023-5841.html">
<p>Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability.</p>
</blockquote>
<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2">
<p>[...] it is in a routine that is predominantly used for development and
testing. It is not likely to appear in production code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-5841</cvename>
<url>https://takeonme.org/cves/CVE-2023-5841.html</url>
<url>https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2</url>
</references>
<dates>
<discovery>2023-10-26</discovery>
<entry>2024-02-12</entry>
</dates>
</vuln>
<vuln vid="388eefc0-c93f-11ee-92ce-4ccc6adda413">
<topic>readstat -- Heap buffer overflow in readstat_convert</topic>
<affects>
<package>
<name>readstat</name>
<range><lt>1.1.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Google reports:</p>
<blockquote cite="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33991">
<p>A heap buffer overflow exists in readstat_convert.</p>
</blockquote>
</body>
</description>
<references>
<url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33991</url>
<url>https://osv.dev/vulnerability/OSV-2021-732</url>
<url>https://github.com/WizardMac/ReadStat/issues/285</url>
</references>
<dates>
<discovery>2021-05-05</discovery>
<entry>2024-02-12</entry>
</dates>
</vuln>
<vuln vid="cb22a9a6-c907-11ee-8d1c-40b034429ecf">
<topic>p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability</topic>
<affects>
<package>
<name>p5-Spreadsheet-ParseExcel</name>
<range><lt>0.66</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Spreadsheet-ParseExcel reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2023-7101">
<p>
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files.
Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability
due to passing unvalidated input from a file into a string-type eval "eval".
Specifically, the issue stems from the evaluation of Number format strings
(not to be confused with printf-style format strings) within the Excel parsing logic.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-7101</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-7101</url>
</references>
<dates>
<discovery>2023-12-29</discovery>
<entry>2024-02-11</entry>
</dates>
</vuln>
<vuln vid="19e6dd1b-c6a5-11ee-9cd0-6cc21735f730">
<topic>postgresql-server -- non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL</topic>
<affects>
<package>
<name>postgresql-server</name>
<range><lt>15.6</lt></range>
<range><lt>14.11</lt></range>
<range><lt>13.14</lt></range>
<range><lt>12.18</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PostgreSQL Project reports:</p>
<blockquote cite="https://www.postgresql.org/support/security/CVE-2024-0985/">
<p>
One step of a concurrent refresh command was run under
weak security restrictions. If a materialized view's
owner could persuade a superuser or other
high-privileged user to perform a concurrent refresh on
that view, the view's owner could control code executed
with the privileges of the user running REFRESH. The fix
for the vulnerability makes is so that all
user-determined code is run as the view's owner, as
expected.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0985</cvename>
<url>https://www.postgresql.org/support/security/CVE-2024-0985/</url>
</references>
<dates>
<discovery>2024-02-08</discovery>
<entry>2024-02-08</entry>
</dates>
</vuln>
<vuln vid="6b2cba6a-c6a5-11ee-97d0-001b217b3468">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>16.8.0</ge><lt>16.8.2</lt></range>
<range><ge>16.7.0</ge><lt>16.7.5</lt></range>
<range><ge>13.3.0</ge><lt>16.6.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/">
<p>Restrict group access token creation for custom roles</p>
<p>Project maintainers can bypass group's scan result policy block_branch_modification setting</p>
<p>ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax</p>
<p>Resource exhaustion using GraphQL vulnerabilitiesCountByDay</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1250</cvename>
<cvename>CVE-2023-6840</cvename>
<cvename>CVE-2023-6386</cvename>
<cvename>CVE-2024-1066</cvename>
<url>https://about.gitlab.com/releases/2024/02/07/security-release-gitlab-16-8-2-released/</url>
</references>
<dates>
<discovery>2024-02-07</discovery>
<entry>2024-02-08</entry>
</dates>
</vuln>
<vuln vid="33ba2241-c68e-11ee-9ef3-001999f8d30b">
<topic>Composer -- Code execution and possible privilege escalation</topic>
<affects>
<package>
<name>php81-composer</name>
<range><lt>2.7.0</lt></range>
</package>
<package>
<name>php82-composer</name>
<range><lt>2.7.0</lt></range>
</package>
<package>
<name>php83-composer</name>
<range><lt>2.7.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Copmposer reports:</p>
<blockquote cite="https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h">
<p>Code execution and possible privilege escalation via
compromised InstalledVersions.php or installed.php.</p>
<p>Several files within the local working directory are
included during the invocation of Composer and in the
context of the executing user.</p>
<p>As such, under certain conditions arbitrary code
execution may lead to local privilege escalation, provide
lateral user movement or malicious code execution when
Composer is invoked within a directory with tampered
files.</p>
<p>All Composer CLI commands are affected, including
composer.phar's self-update.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24821</cvename>
<url>https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h</url>
</references>
<dates>
<discovery>2024-02-08</discovery>
<entry>2024-02-08</entry>
</dates>
</vuln>
<vuln vid="43768ff3-c683-11ee-97d0-001b217b3468">
<topic>Libgit2 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>eza</name>
<range><lt>0.18.2</lt></range>
</package>
<package>
<name>libgit2</name>
<range><ge>1.7.0</ge><lt>1.7.2</lt></range>
<range><lt>1.6.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Git community reports:</p>
<blockquote cite="https://github.com/libgit2/libgit2/releases/tag/v1.7.2">
<p>A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application</p>
<p>A bug in git_revparse_single is fixed that could have caused the function to enter an infinite loop given well-crafted inputs, potentially causing a Denial of Service attack in the calling application</p>
<p>A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24577</cvename>
<url>https://github.com/libgit2/libgit2/releases/tag/v1.7.2</url>
</references>
<dates>
<discovery>2024-02-06</discovery>
<entry>2024-02-08</entry>
<modified>2024-02-14</modified>
</dates>
</vuln>
<vuln vid="19047673-c680-11ee-86bb-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>121.0.6167.160</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>121.0.6167.160</lt></range>
</package>
<package>
<name>qt5-webengine</name>
<range><lt>5.15.16.p5_5</lt></range>
</package>
<package>
<name>qt6-webengine</name>
<range><lt>6.6.1_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html">
<p>This update includes 3 security fixes:</p>
<ul>
<li>[41494539] High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25</li>
<li>[41494860] High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074) on 2024-01-25</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1284</cvename>
<cvename>CVE-2024-1283</cvename>
<url>https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-02-06</discovery>
<entry>2024-02-08</entry>
</dates>
</vuln>
<vuln vid="68ae70c5-c5e5-11ee-9768-08002784c58d">
<topic>clamav -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>clamav</name>
<range><lt>1.2.2,1</lt></range>
</package>
<package>
<name>clamav-lts</name>
<range><lt>1.0.5,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The ClamAV project reports:</p>
<blockquote cite="https://blog.clamav.net/2023/11/clamav-130-122-105-released.html">
<dl>
<dt>CVE-2024-20290</dt>
<dd>
A vulnerability in the OLE2 file format parser of ClamAV
could allow an unauthenticated, remote attacker to cause
a denial of service (DoS) condition on an affected
device. This vulnerability is due to an incorrect check
for end-of-string values during scanning, which may
result in a heap buffer over-read. An attacker could
exploit this vulnerability by submitting a crafted file
containing OLE2 content to be scanned by ClamAV on an
affected device. A successful exploit could allow the
attacker to cause the ClamAV scanning process to
terminate, resulting in a DoS condition on the affected
software and consuming available system resources.
</dd>
<dt>CVE-2024-20328</dt>
<dd>
Fixed a possible command injection vulnerability in the
"VirusEvent" feature of ClamAV's ClamD
service. To fix this issue, we disabled the '%f' format
string parameter. ClamD administrators may continue to
use the `CLAM_VIRUSEVENT_FILENAME` environment variable,
instead of '%f'. But you should do so only from within
an executable, such as a Python script, and not directly
in the clamd.conf "VirusEvent" command.
</dd>
</dl>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-20290</cvename>
<cvename>CVE-2024-20328</cvename>
<url>https://blog.clamav.net/2023/11/clamav-130-122-105-released.html</url>
</references>
<dates>
<discovery>2024-02-07</discovery>
<entry>2024-02-07</entry>
</dates>
</vuln>
<vuln vid="e0f6215b-c59e-11ee-a6db-080027a5b8e9">
<topic>Django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py39-django32</name>
<name>py310-django32</name>
<name>py311-django32</name>
<range><lt>3.2.24</lt></range>
</package>
<package>
<name>py39-django42</name>
<name>py310-django42</name>
<name>py311-django42</name>
<range><lt>4.2.8</lt></range>
</package>
<package>
<name>py311-django50</name>
<range><lt>5.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2024/feb/06/security-releases/">
<p>CVE-2024-24680:Potential denial-of-service in intcomma template filter.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-24680</cvename>
<url>https://www.djangoproject.com/weblog/2024/feb/06/security-releases/</url>
</references>
<dates>
<discovery>2024-01-09</discovery>
<entry>2024-02-07</entry>
</dates>
</vuln>
<vuln vid="dc9e5237-c197-11ee-86bb-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>121.0.6167.139</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>121.0.6167.139</lt></range>
</package>
<package>
<name>qt5-webengine</name>
<range><lt>5.15.16.p5_5</lt></range>
</package>
<package>
<name>qt6-webengine</name>
<range><lt>6.6.1_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[1511567] High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14</li>
<li>[1514777] High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-12-29</li>
<li>[1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-1060</cvename>
<cvename>CVE-2024-1059</cvename>
<cvename>CVE-2024-1077</cvename>
<url>https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html</url>
</references>
<dates>
<discovery>2024-01-30</discovery>
<entry>2024-02-02</entry>
</dates>
</vuln>
<vuln vid="72d6d757-c197-11ee-86bb-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>121.0.6167.85</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>121.0.6167.85</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html">
<p>This update includes 17 security fixes:</p>
<ul>
<li>[1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19</li>
<li>[1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24</li>
<li>[1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim on 2023-10-26</li>
<li>[1463935] Medium CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea) on 2023-07-11</li>
<li>[1477151] Medium CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01 on 2023-08-30</li>
<li>[1505176] Medium CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦想改造家 on 2023-11-25</li>
<li>[1514925] Medium CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip on 2024-01-01</li>
<li>[1515137] Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2024-01-03</li>
<li>[1494490] Low CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero on 2023-10-21</li>
<li>[1497985] Low CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-10-31</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0812</cvename>
<cvename>CVE-2024-0808</cvename>
<cvename>CVE-2024-0810</cvename>
<cvename>CVE-2024-0814</cvename>
<cvename>CVE-2024-0813</cvename>
<cvename>CVE-2024-0806</cvename>
<cvename>CVE-2024-0805</cvename>
<cvename>CVE-2024-0804</cvename>
<cvename>CVE-2024-0811</cvename>
<cvename>CVE-2024-0809</cvename>
<url>https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html</url>
</references>
<dates>
<discovery>2024-01-23</discovery>
<entry>2024-02-02</entry>
</dates>
</vuln>
<vuln vid="13a8c4bf-cb2b-48ec-b49c-a3875c72b3e8">
<topic>electron{26,27,28} -- Use after free in Web Audio</topic>
<affects>
<package>
<name>electron26</name>
<range><lt>26.6.8</lt></range>
</package>
<package>
<name>electron27</name>
<range><lt>27.3.1</lt></range>
</package>
<package>
<name>electron28</name>
<range><lt>28.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers reports:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v26.6.8">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-0807.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0807</cvename>
<url>https://github.com/advisories/GHSA-hjm7-v5pw-x89r</url>
</references>
<dates>
<discovery>2024-01-31</discovery>
<entry>2024-02-01</entry>
</dates>
</vuln>
<vuln vid="bbcb1584-c068-11ee-bdd6-4ccc6adda413">
<topic>qt6-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt5-webengine</name>
<range><lt>5.15.16.p5_5</lt></range>
</package>
<package>
<name>qt6-webengine</name>
<range><lt>6.6.1_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qt qtwebengine-chromium repo reports:</p>
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based">
<p>Backports for 3 security bugs in Chromium:</p>
<ul>
<li>[1505080] High CVE-2024-0807: Use after free in WebAudio</li>
<li>[1504936] Critical CVE-2024-0808: Integer underflow in WebUI</li>
<li>[1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0807</cvename>
<cvename>CVE-2024-0808</cvename>
<cvename>CVE-2024-0810</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based</url>
</references>
<dates>
<discovery>2024-01-30</discovery>
<entry>2024-01-31</entry>
</dates>
</vuln>
<vuln vid="10dee731-c069-11ee-9190-84a93843eb75">
<topic>OpenSSL -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>3.0.13,1</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.13</lt></range>
</package>
<package>
<name>openssl31</name>
<range><lt>3.1.5</lt></range>
</package>
<package>
<name>openssl31-quictls</name>
<range><lt>3.1.5</lt></range>
</package>
<package>
<name>openssl32</name>
<range><lt>3.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20240125.txt">
<p>Excessive time spent checking invalid RSA public keys (CVE-2023-6237)</p>
<p>PKCS12 Decoding crashes (CVE-2024-0727)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0727</cvename>
<cvename>CVE-2023-6237</cvename>
<url>https://www.openssl.org/news/secadv/20240125.txt</url>
<url>https://www.openssl.org/news/secadv/20240115.txt</url>
<url>https://www.openssl.org/news/openssl-3.0-notes.html</url>
<url>https://www.openssl.org/news/openssl-3.1-notes.html</url>
<url>https://www.openssl.org/news/openssl-3.2-notes.html</url>
</references>
<dates>
<discovery>2024-01-30</discovery>
<entry>2024-01-31</entry>
</dates>
</vuln>
<vuln vid="67c2eb06-5579-4595-801b-30355be24654">
<topic>lizard -- Negative size passed to memcpy resulting in memory corruption</topic>
<affects>
<package>
<name>lizard</name>
<range><lt>1.0_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cve@mitre.org reports:</p>
<blockquote cite="https://github.com/inikep/lizard/issues/16">
<p>In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product
was renamed), there is an unchecked buffer size during a memcpy in
the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h).
Remote attackers can leverage this vulnerability to cause a denial
of service via a crafted input file, as well as achieve remote code
execution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2018-11498</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2018-11498</url>
</references>
<dates>
<discovery>2018-05-26</discovery>
<entry>2024-01-31</entry>
</dates>
</vuln>
<vuln vid="a25b323a-bed9-11ee-bdd6-4ccc6adda413">
<topic>qt6-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt6-webengine</name>
<range><lt>6.6.1_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qt qtwebengine-chromium repo reports:</p>
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based">
<p>Backports for 15 security bugs in Chromium:</p>
<ul>
<li>[1505053] High CVE-2023-6345: Integer overflow in Skia</li>
<li>[1500856] High CVE-2023-6346: Use after free in WebAudio</li>
<li>[1494461] High CVE-2023-6347: Use after free in Mojo</li>
<li>[1501326] High CVE-2023-6702: Type Confusion in V8</li>
<li>[1502102] High CVE-2023-6703: Use after free in Blink</li>
<li>[1505708] High CVE-2023-6705: Use after free in WebRTC</li>
<li>[1500921] High CVE-2023-6706: Use after free in FedCM</li>
<li>[1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC</li>
<li>[1501798] High CVE-2024-0222: Use after free in ANGLE</li>
<li>[1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE</li>
<li>[1505086] High CVE-2024-0224: Use after free in WebAudio</li>
<li>[1506923] High CVE-2024-0225: Use after free in WebGPU</li>
<li>[1513379] High CVE-2024-0333: Insufficient data validation in Extensions</li>
<li>[1507412] High CVE-2024-0518: Type Confusion in V8</li>
<li>[1517354] High CVE-2024-0519: Out of bounds memory access in V8</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6345</cvename>
<cvename>CVE-2023-6346</cvename>
<cvename>CVE-2023-6347</cvename>
<cvename>CVE-2023-6702</cvename>
<cvename>CVE-2023-6703</cvename>
<cvename>CVE-2023-6705</cvename>
<cvename>CVE-2023-6706</cvename>
<cvename>CVE-2023-7024</cvename>
<cvename>CVE-2024-0222</cvename>
<cvename>CVE-2024-0223</cvename>
<cvename>CVE-2024-0224</cvename>
<cvename>CVE-2024-0225</cvename>
<cvename>CVE-2024-0333</cvename>
<cvename>CVE-2024-0518</cvename>
<cvename>CVE-2024-0519</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=112-based</url>
</references>
<dates>
<discovery>2024-01-08</discovery>
<entry>2024-01-29</entry>
</dates>
</vuln>
<vuln vid="a11e7dd1-bed4-11ee-bdd6-4ccc6adda413">
<topic>qt5-webengine -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>qt5-webengine</name>
<range><lt>5.15.16.p5_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qt qtwebengine-chromium repo reports:</p>
<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based">
<p>Backports for 8 security bugs in Chromium:</p>
<ul>
<li>[1505053] High CVE-2023-6345: Integer overflow in Skia</li>
<li>[1501326] High CVE-2023-6702: Type Confusion in V8</li>
<li>[1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC</li>
<li>[1501798] High CVE-2024-0222: Use after free in ANGLE</li>
<li>[1505086] High CVE-2024-0224: Use after free in WebAudio</li>
<li>[1513379] High CVE-2024-0333: Insufficient data validation in Extensions</li>
<li>[1507412] High CVE-2024-0518: Type Confusion in V8</li>
<li>[1517354] High CVE-2024-0519: Out of bounds memory access in V8</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6345</cvename>
<cvename>CVE-2023-6702</cvename>
<cvename>CVE-2023-7024</cvename>
<cvename>CVE-2024-0222</cvename>
<cvename>CVE-2024-0224</cvename>
<cvename>CVE-2024-0333</cvename>
<cvename>CVE-2024-0518</cvename>
<cvename>CVE-2024-0519</cvename>
<url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based</url>
</references>
<dates>
<discovery>2024-01-08</discovery>
<entry>2024-01-29</entry>
</dates>
</vuln>
<vuln vid="b5e22ec5-bc4b-11ee-b0b5-b42e991fc52e">
<topic>rclone -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>rclone</name>
<range><lt>1.65.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Multiple vulnerabilities in ssh and golang</p>
<blockquote cite="https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e">
<ul>
<li>
CVE-2023-45286: HTTP request body disclosure in go-resty
disclosure across requests.
</li>
<li>
CVE-2023-48795: The SSH transport protocol with certain
OpenSSH extensions, found in OpenSSH before 9.6 and
other products, allows remote attackers to bypass
integrity checks.
</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-45286</cvename>
<cvename>CVE-2023-48795</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-45286</url>
<url>https://nvd.nist.gov/vuln/detail/CVE-2023-48795</url>
</references>
<dates>
<discovery>2023-11-28</discovery>
<entry>2024-01-26</entry>
</dates>
</vuln>
<vuln vid="61fe903b-bc2e-11ee-b06e-001b217b3468">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>16.8.0</ge><lt>16.8.1</lt></range>
<range><ge>16.7.0</ge><lt>16.7.4</lt></range>
<range><ge>16.6.0</ge><lt>16.6.6</lt></range>
<range><ge>12.7.0</ge><lt>16.5.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/">
<p>Arbitrary file write while creating workspace</p>
<p>ReDoS in Cargo.toml blob viewer</p>
<p>Arbitrary API PUT requests via HTML injection in user's name</p>
<p>Disclosure of the public email in Tags RSS Feed</p>
<p>Non-Member can update MR Assignees of owned MRs</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0402</cvename>
<cvename>CVE-2023-6159</cvename>
<cvename>CVE-2023-5933</cvename>
<cvename>CVE-2023-5612</cvename>
<cvename>CVE-2024-0456</cvename>
<url>https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/</url>
</references>
<dates>
<discovery>2024-01-25</discovery>
<entry>2024-01-26</entry>
</dates>
</vuln>
<vuln vid="8b03d274-56ca-489e-821a-cf32f07643f0">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.422</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.426.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2024-01-24/">
<h1>Description</h1>
<h5>(Critical) SECURITY-3314 / CVE-2024-23897</h5>
<p>Arbitrary file read vulnerability through the CLI can lead to RCE</p>
<h1>Description</h1>
<h5>(High) SECURITY-3315 / CVE-2024-23898</h5>
<p>Cross-site WebSocket hijacking vulnerability in the CLI</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-23897</cvename>
<cvename>CVE-2024-23898</cvename>
<url>https://www.jenkins.io/security/advisory/2024-01-24/</url>
</references>
<dates>
<discovery>2024-01-24</discovery>
<entry>2024-01-24</entry>
</dates>
</vuln>
<vuln vid="9532a361-b84d-11ee-b0d7-84a93843eb75">
<topic>TinyMCE -- mXSS in multiple plugins</topic>
<affects>
<package>
<name>tinymce</name>
<range><lt>6.7.3</lt></range>
</package>
<package>
<name>roundcube</name>
<range><lt>1.6.6,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>TinyMCE reports:</p>
<blockquote cite="https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8">
<p>Special characters in unescaped text nodes can trigger mXSS
when using TinyMCE undo/redo, getContentAPI, resetContentAPI,
and Autosave plugin</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-48219</cvename>
<url>https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8</url>
<url>https://github.com/roundcube/roundcubemail/releases/tag/1.6.6</url>
</references>
<dates>
<discovery>2023-11-15</discovery>
<entry>2024-01-23</entry>
</dates>
</vuln>
<vuln vid="fedf7e71-61bd-49ec-aaf0-6da14bdbb319">
<topic>zeek -- potential DoS vulnerability</topic>
<affects>
<package>
<name>zeek</name>
<range><lt>6.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tim Wojtulewicz of Corelight reports:</p>
<blockquote cite="https://github.com/zeek/zeek/releases/tag/v6.0.3">
<p>A specially-crafted series of packets containing nested
MIME entities can cause Zeek to spend large amounts of
time parsing the entities. </p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/zeek/zeek/releases/tag/v6.0.3</url>
</references>
<dates>
<discovery>2024-01-22</discovery>
<entry>2024-01-22</entry>
</dates>
</vuln>
<vuln vid="2264566a-a890-46eb-a895-7881dd220bd0">
<topic>electron26 -- Out of bounds memory access in V8</topic>
<affects>
<package>
<name>electron26</name>
<range><lt>26.6.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v26.6.7">
<p>This update fixes the following vulnerability:</p>
<ul>
<li>Security: backported fix for CVE-2024-0519.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0519</cvename>
<url>https://github.com/advisories/GHSA-vg6w-jr5m-86c8</url>
</references>
<dates>
<discovery>2024-01-18</discovery>
<entry>2024-01-19</entry>
</dates>
</vuln>
<vuln vid="a8326b61-eda0-4c03-9a5b-49ebd8f41c1a">
<topic>electron{26,27} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron26</name>
<range><lt>26.6.6</lt></range>
</package>
<package>
<name>electron27</name>
<range><lt>27.2.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.2.3">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-0518.</li>
<li>Security: backported fix for CVE-2024-0517.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0518</cvename>
<url>https://github.com/advisories/GHSA-4pvg-f3m8-ff3j</url>
<cvename>CVE-2024-0517</cvename>
<url>https://github.com/advisories/GHSA-v39r-662x-j524</url>
</references>
<dates>
<discovery>2024-01-17</discovery>
<entry>2024-01-17</entry>
<modified>2024-01-18</modified>
</dates>
</vuln>
<vuln vid="1bc07be0-b514-11ee-86bb-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>120.0.6099.224</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>120.0.6099.224</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html">
<p>This update includes 4 security fixes:</p>
<ul>
<li>[1515930] High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06</li>
<li>[1507412] High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03</li>
<li>[1517354] High CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous on 2024-01-11</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0517</cvename>
<cvename>CVE-2024-0518</cvename>
<cvename>CVE-2024-0519</cvename>
<url>https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html</url>
</references>
<dates>
<discovery>2024-01-16</discovery>
<entry>2024-01-17</entry>
</dates>
</vuln>
<vuln vid="7467c611-b490-11ee-b903-001fc69cd6dc">
<topic>xorg server -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>xorg-server</name>
<name>xephyr</name>
<name>xorg-vfbserver</name>
<range><lt>21.1.11,1</lt></range>
</package>
<package>
<name>xorg-nextserver</name>
<range><lt>21.1.11,2</lt></range>
</package>
<package>
<name>xwayland</name>
<range><lt>23.2.4</lt></range>
</package>
<package>
<name>xwayland-devel</name>
<range><lt>21.0.99.1.653</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The X.Org project reports:</p>
<blockquote cite="https://lists.x.org/archives/xorg/2024-January/061525.html">
<ul>
<li>CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent
and ProcXIQueryPointer
<p>Both DeviceFocusEvent and the XIQueryPointer reply contain a bit
for each logical button currently down. Buttons can be arbitrarily
mapped to any value up to 255 but the X.Org Server was only
allocating space for the device's number of buttons,
leading to a heap overflow if a bigger value was used.</p></li>
<li>CVE-2024-0229: Reattaching to different master device may lead
to out-of-bounds memory access
<p>If a device has both a button class and a key class and
numButtons is zero, we can get an out-of-bounds write due
to event under-allocation in the DeliverStateNotifyEvent
function.</p></li>
<li>CVE-2024-21885: Heap buffer overflow in
XISendDeviceHierarchyEvent
<p>The XISendDeviceHierarchyEvent() function allocates space to
store up to MAXDEVICES (256) xXIHierarchyInfo structures in info.
If a device with a given ID was removed and a new device with
the same ID added both in the same operation,
the single device ID will lead to two info structures being
written to info.
Since this case can occur for every device ID at once,
a total of two times MAXDEVICES info structures might be written
to the allocation, leading to a heap buffer overflow.</p></li>
<li>CVE-2024-21886: Heap buffer overflow in DisableDevice
<p>The DisableDevice() function is called whenever an enabled device
is disabled and it moves the device from the inputInfo.devices
linked list to the inputInfo.off_devices linked list.
However, its link/unlink operation has an issue during the recursive
call to DisableDevice() due to the prev pointer pointing to a
removed device.
This issue leads to a length mismatch between the total number of
devices and the number of device in the list, leading to a heap
overflow and, possibly, to local privilege escalation.</p></li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6816</cvename>
<cvename>CVE-2024-0229</cvename>
<cvename>CVE-2024-21885</cvename>
<cvename>CVE-2024-21886</cvename>
<url>https://lists.x.org/archives/xorg/2024-January/061525.html</url>
</references>
<dates>
<discovery>2024-01-16</discovery>
<entry>2024-01-16</entry>
</dates>
</vuln>
<vuln vid="28b42ef5-80cd-440c-904b-b7fbca74c73d">
<topic>electron{26,27} -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron26</name>
<range><lt>26.6.5</lt></range>
</package>
<package>
<name>electron27</name>
<range><lt>27.2.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v26.6.5">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2024-0224.</li>
<li>Security: backported fix for CVE-2024-0225.</li>
<li>Security: backported fix for CVE-2024-0223.</li>
<li>Security: backported fix for CVE-2024-0222.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0224</cvename>
<url>https://github.com/advisories/GHSA-83wx-v283-85g9</url>
<cvename>CVE-2024-0225</cvename>
<url>https://github.com/advisories/GHSA-gqr9-4fcc-c9jq</url>
<cvename>CVE-2024-0223</cvename>
<url>https://github.com/advisories/GHSA-w8x8-g534-x4rp</url>
<cvename>CVE-2024-0222</cvename>
<url>https://github.com/advisories/GHSA-c87c-56pw-mwgh</url>
</references>
<dates>
<discovery>2024-01-10</discovery>
<entry>2024-01-12</entry>
</dates>
</vuln>
<vuln vid="4c8c2218-b120-11ee-90ec-001b217b3468">
<topic>Gitlab -- vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>16.7.0</ge><lt>16.7.2</lt></range>
<range><ge>16.6.0</ge><lt>16.6.4</lt></range>
<range><ge>8.13.0</ge><lt>16.5.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/">
<p>Account Takeover via Password Reset without user interactions</p>
<p>Attacker can abuse Slack/Mattermost integrations to execute slash commands as another user</p>
<p>Bypass CODEOWNERS approval removal</p>
<p>Workspaces able to be created under different root namespace</p>
<p>Commit signature validation ignores headers after signature</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-7028</cvename>
<cvename>CVE-2023-5356</cvename>
<cvename>CVE-2023-4812</cvename>
<cvename>CVE-2023-6955</cvename>
<cvename>CVE-2023-2030</cvename>
<url>https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/</url>
</references>
<dates>
<discovery>2024-01-11</discovery>
<entry>2024-01-12</entry>
</dates>
</vuln>
<vuln vid="8337251b-b07b-11ee-b0d7-84a93843eb75">
<topic>OpenSSL -- Vector register corruption on PowerPC</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>3.0.12_2,1</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.12_2</lt></range>
</package>
<package>
<name>openssl31</name>
<range><lt>3.1.4_2</lt></range>
</package>
<package>
<name>openssl31-quictls</name>
<range><lt>3.1.4_2</lt></range>
</package>
<package>
<name>openssl32</name>
<range><lt>3.2.0_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SO-AND-SO reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20240109.txt">
<p>The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU provides vector instructions.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6129</cvename>
<url>https://www.openssl.org/news/secadv/20240109.txt</url>
</references>
<dates>
<discovery>2024-01-09</discovery>
<entry>2024-01-11</entry>
</dates>
</vuln>
<vuln vid="ec8e4040-afcd-11ee-86bb-a8a1599412c6">
<topic>chromium -- security fix</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>120.0.6099.216</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>120.0.6099.216</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html">
<p>This update includes 1 security fix:</p>
<ul>
<li>[1513379] High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC on 2023-12-20</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0333</cvename>
<url>https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html</url>
</references>
<dates>
<discovery>2024-01-09</discovery>
<entry>2024-01-10</entry>
</dates>
</vuln>
<vuln vid="e2f981f1-ad9e-11ee-8b55-4ccc6adda413">
<topic>QtNetwork -- potential buffer overflow</topic>
<affects>
<package>
<name>qt5-network</name>
<range><lt>5.15.12p148_1</lt></range>
</package>
<package>
<name>qt6-base</name>
<range><lt>6.6.1_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Andy Shaw reports:</p>
<blockquote cite="https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation">
<p>A potential integer overflow has been discovered in Qt's HTTP2
implementation. If the HTTP2 implementation receives more than 4GiB
in total headers, or more than 2GiB for any given header pair, then
the internal buffers may overflow.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-51714</cvename>
<url>https://www.qt.io/blog/security-advisory-potential-integer-overflow-in-qts-http2-implementation</url>
</references>
<dates>
<discovery>2023-12-14</discovery>
<entry>2024-01-07</entry>
</dates>
</vuln>
<vuln vid="1f0d0024-ac9c-11ee-8e91-1c697a013f4b">
<topic>mantis -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mantis-php74</name>
<name>mantis-php80</name>
<name>mantis-php81</name>
<name>mantis-php82</name>
<name>mantis-php83</name>
<range><lt>2.25.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mantis 2.25.8 release reports:</p>
<blockquote cite="https://mantisbt.org/bugs/changelog_page.php?version_id=370">
<p>Security and maintenance release</p>
<ul>
<li>0032432: Update guzzlehttp/psr7 to 1.9.1 (CVE-2023-29197)</li>
<li>0032981: Information Leakage on DokuWiki Integration (CVE-2023-44394)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-29197</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29197</url>
<cvename>CVE-2023-44394</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44394</url>
</references>
<dates>
<discovery>2023-10-14</discovery>
<entry>2024-01-06</entry>
</dates>
</vuln>
<vuln vid="3ee577a9-aad4-11ee-86bb-a8a1599412c6">
<topic>chromium -- multiple security fixes</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>120.0.6099.199</lt></range>
</package>
<package>
<name>ungoogled-chromium</name>
<range><lt>120.0.6099.199</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html">
<p>This update includes 6 security fixes:</p>
<ul>
<li>[1501798] High CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13</li>
<li>[1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24</li>
<li>[1505086] High CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25</li>
<li>[1506923] High CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous on 2023-12-01</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2024-0222</cvename>
<cvename>CVE-2024-0223</cvename>
<cvename>CVE-2024-0224</cvename>
<cvename>CVE-2024-0225</cvename>
<url>https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2024-01-03</discovery>
<entry>2024-01-04</entry>
</dates>
</vuln>
<vuln vid="d1b20e09-dbdf-432b-83c7-89f0af76324a">
<topic>electron27 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron27</name>
<range><lt>27.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.2.1">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2023-6706.</li>
<li>Security: backported fix for CVE-2023-6705.</li>
<li>Security: backported fix for CVE-2023-6703.</li>
<li>Security: backported fix for CVE-2023-6702.</li>
<li>Security: backported fix for CVE-2023-6704.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6706</cvename>
<url>https://github.com/advisories/GHSA-jqrg-rvpw-5fw5</url>
<cvename>CVE-2023-6705</cvename>
<url>https://github.com/advisories/GHSA-h27f-fw5q-c2gh</url>
<cvename>CVE-2023-6703</cvename>
<url>https://github.com/advisories/GHSA-9v72-359m-2vx4</url>
<cvename>CVE-2023-6702</cvename>
<url>https://github.com/advisories/GHSA-7hjc-c62g-4w73</url>
<cvename>CVE-2023-6704</cvename>
<url>https://github.com/advisories/GHSA-587x-fmc5-99p9</url>
</references>
<dates>
<discovery>2024-01-04</discovery>
<entry>2024-01-04</entry>
</dates>
</vuln>
<vuln vid="0cee4f9c-5efb-4770-b917-f4e4569e8bec">
<topic>electron26 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>electron26</name>
<range><lt>26.6.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Electron developers report:</p>
<blockquote cite="https://github.com/electron/electron/releases/tag/v26.6.4">
<p>This update fixes the following vulnerabilities:</p>
<ul>
<li>Security: backported fix for CVE-2023-6704.</li>
<li>Security: backported fix for CVE-2023-6705.</li>
<li>Security: backported fix for CVE-2023-6703.</li>
<li>Security: backported fix for CVE-2023-6702.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2023-6704</cvename>
<url>https://github.com/advisories/GHSA-587x-fmc5-99p9</url>
<cvename>CVE-2023-6705</cvename>
<url>https://github.com/advisories/GHSA-h27f-fw5q-c2gh</url>
<cvename>CVE-2023-6703</cvename>
<url>https://github.com/advisories/GHSA-9v72-359m-2vx4</url>
<cvename>CVE-2023-6702</cvename>
<url>https://github.com/advisories/GHSA-7hjc-c62g-4w73</url>
</references>
<dates>
<discovery>2024-01-04</discovery>
<entry>2024-01-04</entry>
</dates>
</vuln>
<vuln vid="13d83980-9f18-11ee-8e38-002590c1f29c">
<topic>FreeBSD -- Prefix Truncation Attack in the SSH protocol</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>14.0</ge><lt>14.0_4</lt></range>
<range><ge>13.2</ge><lt>13.2_9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The SSH protocol executes an initial handshake between the
server and the client. This protocol handshake includes the
possibility of several extensions allowing different options to be
selected. Validation of the packets in the handshake is done through
sequence numbers.</p>
<h1>Impact:</h1>
<p>A man in the middle attacker can silently manipulate handshake
messages to truncate extension negotiation messages potentially
leading to less secure client authentication algorithms or deactivating
keystroke timing attack countermeasures.</p>
</body>
</description>
<references>
<cvename>CVE-2023-48795</cvename>
<freebsdsa>SA-23:19.openssh</freebsdsa>
</references>
<dates>
<discovery>2023-12-19</discovery>
<entry>2024-01-02</entry>
</dates>
</vuln>
<vuln vid="bd7592a1-cbfd-11ee-a42a-5404a6f3ca32">
<topic>gitea -- Prevent anonymous container access</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.21.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>
Even with RequireSignInView enabled, anonymous users can use docker pull
to fetch public images.
</p>
</body>
</description>
<references>
<url>https://blog.gitea.com/release-of-1.21.5/</url>
</references>
<dates>
<discovery>2024-01-24</discovery>
<entry>2024-02-15</entry>
</dates>
</vuln>