parent
7ada95f3c9
commit
96ef0f0904
|
@ -1,3 +1,94 @@
|
|||
<vuln vid="f90bf863-e43c-4db3-b5a8-d9603684657a">
|
||||
<topic>electron{27,28,29} -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>electron27</name>
|
||||
<range><lt>27.3.11</lt></range>
|
||||
</package>
|
||||
<package>
|
||||
<name>electron28</name>
|
||||
<range><lt>28.3.1</lt></range>
|
||||
</package>
|
||||
<package>
|
||||
<name>electron29</name>
|
||||
<range><lt>29.3.1</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Electron develpers report:</p>
|
||||
<blockquote cite="https://github.com/electron/electron/releases/tag/v27.3.11">
|
||||
<p>This update fixes the following vulnerabilities:</p>
|
||||
<ul>
|
||||
<li>Security: backported fix for CVE-2024-3515.</li>
|
||||
<li>Security: backported fix for CVE-2024-3516.</li>
|
||||
<li>Security: backported fix for CVE-2024-3157.</li>
|
||||
<li>Security: backported fix for CVE-2024-1580.</li>
|
||||
</ul>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<cvename>CVE-2024-3515</cvename>
|
||||
<url>https://github.com/advisories/GHSA-x6cj-gx36-vcxv</url>
|
||||
<cvename>CVE-2024-3516</cvename>
|
||||
<url>https://github.com/advisories/GHSA-jf9g-42gm-v87w</url>
|
||||
<cvename>CVE-2024-3157</cvename>
|
||||
<url>https://github.com/advisories/GHSA-4m4g-p795-cmq7</url>
|
||||
<cvename>CVE-2024-1580</cvename>
|
||||
<url>https://github.com/advisories/GHSA-3p7f-4r2q-wxmm</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2024-04-16</discovery>
|
||||
<entry>2024-04-18</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="6d82c5e9-fc24-11ee-a689-04421a1baf97">
|
||||
<topic>php -- Multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>php81</name>
|
||||
<range><lt>8.1.28</lt></range>
|
||||
</package>
|
||||
<package>
|
||||
<name>php82</name>
|
||||
<range><lt>8.2.18</lt></range>
|
||||
</package>
|
||||
<package>
|
||||
<name>php83</name>
|
||||
<range><lt>8.3.6</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>This update includes 3 security fixes:</p>
|
||||
<blockquote cite="https://seclists.org/oss-sec/2024/q2/113/">
|
||||
<ul>
|
||||
<li>High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows</li>
|
||||
<li>High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows</li>
|
||||
<li>Medium CVE-2024-2756: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix</li>
|
||||
<li>High CVE-2024-2757: mb_encode_mimeheader runs endlessly for some inputs</li>
|
||||
</ul>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<cvename>CVE-2024-1874</cvename>
|
||||
<url>https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7</url>
|
||||
<cvename>CVE-2024-2756</cvename>
|
||||
<url>https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4</url>
|
||||
<cvename>CVE-2024-3096</cvename>
|
||||
<url>https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr</url>
|
||||
<cvename>CVE-2024-2757</cvename>
|
||||
<url>https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2024-04-11</discovery>
|
||||
<entry>2024-04-16</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="cdb5e0e3-fafc-11ee-9c21-901b0e9408dc">
|
||||
<topic>go -- http2: close connections when receiving too many headers</topic>
|
||||
<affects>
|
||||
|
|
Loading…
Reference in New Issue