Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
35de3dc1 by security tracker role at 2024-01-09T20:11:47+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,201 @@
+CVE-2024-22370 (In JetBrains YouTrack before 2023.3.22666 stored XSS via
markdown was ...)
+ TODO: check
+CVE-2024-22368 (The Spreadsheet::ParseXLSX package before 0.28 for Perl can
encounter ...)
+ TODO: check
+CVE-2024-22165 (In Splunk Enterprise Security (ES) versions lower than 7.1.2,
an attac ...)
+ TODO: check
+CVE-2024-22164 (In Splunk Enterprise Security (ES) versions below 7.1.2, an
attacker c ...)
+ TODO: check
+CVE-2024-21668 (react-native-mmkv is a library that allows easy use of MMKV
inside Rea ...)
+ TODO: check
+CVE-2024-21664 (jwx is a Go module implementing various JWx
(JWA/JWE/JWK/JWS/JWT, othe ...)
+ TODO: check
+CVE-2024-21325 (Microsoft Printer Metadata Troubleshooter Tool Remote Code
Execution V ...)
+ TODO: check
+CVE-2024-21320 (Windows Themes Spoofing Vulnerability)
+ TODO: check
+CVE-2024-21319 (Microsoft Identity Denial of service vulnerability)
+ TODO: check
+CVE-2024-21318 (Microsoft SharePoint Server Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-21316 (Windows Server Key Distribution Service Security Feature
Bypass)
+ TODO: check
+CVE-2024-21314 (Microsoft Message Queuing Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-21313 (Windows TCP/IP Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-21312 (.NET Framework Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-21311 (Windows Cryptographic Services Information Disclosure
Vulnerability)
+ TODO: check
+CVE-2024-21310 (Windows Cloud Files Mini Filter Driver Elevation of Privilege
Vulnerab ...)
+ TODO: check
+CVE-2024-21309 (Windows Kernel-Mode Driver Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-21307 (Remote Desktop Client Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-21306 (Microsoft Bluetooth Driver Spoofing Vulnerability)
+ TODO: check
+CVE-2024-21305 (Hypervisor-Protected Code Integrity (HVCI) Security Feature
Bypass Vul ...)
+ TODO: check
+CVE-2024-20700 (Windows Hyper-V Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-20699 (Windows Hyper-V Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-20698 (Windows Kernel Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-20697 (Windows Libarchive Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-20696 (Windows Libarchive Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-20694 (Windows CoreMessaging Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-20692 (Microsoft Local Security Authority Subsystem Service
Information Discl ...)
+ TODO: check
+CVE-2024-20691 (Windows Themes Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-20690 (Windows Nearby Sharing Spoofing Vulnerability)
+ TODO: check
+CVE-2024-20687 (Microsoft AllJoyn API Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-20686 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-20683 (Win32k Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-20682 (Windows Cryptographic Services Remote Code Execution
Vulnerability)
+ TODO: check
+CVE-2024-20681 (Windows Subsystem for Linux Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-20680 (Windows Message Queuing Client (MSMQC) Information Disclosure)
+ TODO: check
+CVE-2024-20677 (<p>A security vulnerability exists in FBX that could lead to
remote co ...)
+ TODO: check
+CVE-2024-20676 (Azure Storage Mover Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-20674 (Windows Kerberos Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-20672 (.NET Core and Visual Studio Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-20666 (BitLocker Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-20664 (Microsoft Message Queuing Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-20663 (Windows Message Queuing Client (MSMQC) Information Disclosure)
+ TODO: check
+CVE-2024-20662 (Windows Online Certificate Status Protocol (OCSP) Information
Disclosu ...)
+ TODO: check
+CVE-2024-20661 (Microsoft Message Queuing Denial of Service Vulnerability)
+ TODO: check
+CVE-2024-20660 (Microsoft Message Queuing Information Disclosure Vulnerability)
+ TODO: check
+CVE-2024-20658 (Microsoft Virtual Hard Disk Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-20657 (Windows Group Policy Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-20656 (Visual Studio Elevation of Privilege Vulnerability)
+ TODO: check
+CVE-2024-20655 (Microsoft Online Certificate Status Protocol (OCSP) Remote
Code Execut ...)
+ TODO: check
+CVE-2024-20654 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+ TODO: check
+CVE-2024-20653 (Microsoft Common Log File System Elevation of Privilege
Vulnerability)
+ TODO: check
+CVE-2024-20652 (Windows HTML Platforms Security Feature Bypass Vulnerability)
+ TODO: check
+CVE-2024-0343 (A vulnerability classified as problematic was found in
CodeAstro Simpl ...)
+ TODO: check
+CVE-2024-0342 (A vulnerability classified as critical has been found in Inis
up to 2. ...)
+ TODO: check
+CVE-2024-0341 (A vulnerability was found in Inis up to 2.0.1. It has been
rated as pr ...)
+ TODO: check
+CVE-2024-0340 (A vulnerability was found in vhost_new_msg in
drivers/vhost/vhost.c in ...)
+ TODO: check
+CVE-2024-0228
+ REJECTED
+CVE-2024-0226 (Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a
stored ...)
+ TODO: check
+CVE-2024-0213 (A buffer overflow vulnerability in TA for Linux and TA for
MacOS prior ...)
+ TODO: check
+CVE-2024-0206 (A symbolic link manipulation vulnerability in Trellix
Anti-Malware Eng ...)
+ TODO: check
+CVE-2024-0057 (NET, .NET Framework, and Visual Studio Security Feature Bypass
Vulnera ...)
+ TODO: check
+CVE-2024-0056 (Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data
Provider S ...)
+ TODO: check
+CVE-2023-7223 (A vulnerability classified as problematic has been found in
Totolink T ...)
+ TODO: check
+CVE-2023-7222 (A vulnerability was found in Totolink X2000R
1.0.0-B20221212.1452. It ...)
+ TODO: check
+CVE-2023-7221 (A vulnerability was found in Totolink T6
4.1.9cu.5241_B20210923. It ha ...)
+ TODO: check
+CVE-2023-7032 (A CWE-502: Deserialization of untrusted data vulnerability
exists that ...)
+ TODO: check
+CVE-2023-6149 (Qualys Jenkins Plugin for WAS prior to version and including
2.0.11 wa ...)
+ TODO: check
+CVE-2023-6148 (Qualys Jenkins Plugin for Policy Compliance prior to version
and inclu ...)
+ TODO: check
+CVE-2023-6147 (Qualys Jenkins Plugin for Policy Compliance prior to version
and inclu ...)
+ TODO: check
+CVE-2023-5376 (An Improper Authentication vulnerability in Korenix JetNet TFTP
allows ...)
+ TODO: check
+CVE-2023-5347 (An Improper Verification of Cryptographic Signature
vulnerability in t ...)
+ TODO: check
+CVE-2023-51746 (A vulnerability has been identified in JT2Go (All versions <
V14.3.0.6 ...)
+ TODO: check
+CVE-2023-51745 (A vulnerability has been identified in JT2Go (All versions <
V14.3.0.6 ...)
+ TODO: check
+CVE-2023-51744 (A vulnerability has been identified in JT2Go (All versions <
V14.3.0.6 ...)
+ TODO: check
+CVE-2023-51439 (A vulnerability has been identified in JT2Go (All versions <
V14.3.0.6 ...)
+ TODO: check
+CVE-2023-51438 (A vulnerability has been identified in SIMATIC IPC1047E (All
versions ...)
+ TODO: check
+CVE-2023-50974 (In Appwrite CLI before 3.0.0, when using the login command,
the creden ...)
+ TODO: check
+CVE-2023-50585 (Tenda A18 v15.13.07.09 was discovered to contain a stack
overflow via ...)
+ TODO: check
+CVE-2023-49722 (Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50
product ...)
+ TODO: check
+CVE-2023-49621 (A vulnerability has been identified in SIMATIC CN 4100 (All
versions < ...)
+ TODO: check
+CVE-2023-49252 (A vulnerability has been identified in SIMATIC CN 4100 (All
versions < ...)
+ TODO: check
+CVE-2023-49251 (A vulnerability has been identified in SIMATIC CN 4100 (All
versions < ...)
+ TODO: check
+CVE-2023-49237 (An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714
devices. ...)
+ TODO: check
+CVE-2023-49236 (A stack-based buffer overflow was discovered on TRENDnet
TV-IP1314PI 5 ...)
+ TODO: check
+CVE-2023-49235 (An issue was discovered in libremote_dbg.so on TRENDnet
TV-IP1314PI 5. ...)
+ TODO: check
+CVE-2023-49132 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49131 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49130 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49129 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49128 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49127 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49126 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49124 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49123 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49122 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-49121 (A vulnerability has been identified in Solid Edge SE2023 (All
versions ...)
+ TODO: check
+CVE-2023-44120 (A vulnerability has been identified in Spectrum Power 7 (All
versions ...)
+ TODO: check
+CVE-2023-42797 (A vulnerability has been identified in CP-8031 MASTER MODULE
(All vers ...)
+ TODO: check
+CVE-2022-48618 (The issue was addressed with improved checks. This issue is
fixed in m ...)
+ TODO: check
CVE-2023-41056 [Buffer overflow in certain payloads may lead to remote code
execution]
- redis 5:7.0.15-1 (bug #1060316)
NOTE: Introduced with changes from:
https://github.com/redis/redis/pull/11766
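Review bot: CVE-2024-0340 in this block names vhost_new_msg in drivers/vhost/vhost.c, which is a Linux kernel source path, so when the "TODO: check" markers are resolved it needs a linux package entry rather than the NOT-FOR-US treatment most of the surrounding Microsoft, Siemens and Totolink entries will get. CVE-2024-22368 (Spreadsheet::ParseXLSX for Perl) and CVE-2024-21664 (the jwx Go module) are libraries rather than vendor products and should likewise be checked against the archive before being dismissed.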
@@ -1569,7 +1767,7 @@ CVE-2023-4674 (Improper Neutralization of Special
Elements used in an SQL Comman
NOT-FOR-US: Yaztek Software Technologies and Computer Systems
E-Commerce Software
CVE-2023-4541 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Ween Software Admin Panel
-CVE-2023-4468 (A vulnerability was found in Poly Trio 8800 and Trio C60. It
has been ...)
+CVE-2023-4468 (A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio
C60. I ...)
NOT-FOR-US: Poly Trio 8800 and Trio C60
CVE-2023-4467 (A vulnerability was found in Poly Trio 8800 7.2.6.0019 and
classified ...)
NOT-FOR-US: Poly Trio 8800
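Review bot: The NOT-FOR-US note under CVE-2023-4468 still reads "Poly Trio 8800 and Trio C60" while the updated description now also lists Trio 8500. The triage outcome is unchanged, but the note should be brought in line with the description so a search on the product name finds the entry.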
@@ -1581,7 +1779,7 @@ CVE-2023-4464 (A vulnerability, which was classified as
critical, has been found
NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
CVE-2023-4463 (A vulnerability classified as problematic was found in Poly CCX
400, C ...)
NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
-CVE-2023-4462 (A vulnerability classified as problematic has been found in
Poly CCX 4 ...)
+CVE-2023-4462 (A vulnerability classified as problematic has been found in
Poly Trio ...)
NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
CVE-2023-49830 (Improper Control of Generation of Code ('Code Injection')
vulnerabilit ...)
NOT-FOR-US: WordPress plugin
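Review bot: For CVE-2023-4462 the description's product list now begins with "Poly Trio" where it previously began with "Poly CCX 4", yet the NOT-FOR-US note is untouched. The truncated description does not show the full list, so the note ("Poly CCX 400, CCX 600, Trio 8800 and Trio C60") should be compared against the complete upstream text and corrected if the affected models changed.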
@@ -2625,7 +2823,7 @@ CVE-2023-6546 (A race condition was found in the GSM 0710
tty multiplexor in the
NOTE:
https://git.kernel.org/linus/3c4f8333b582487a2d1e02171f1465531cde53e3 (6.5-rc7)
CVE-2023-6145 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Istanbul Soft Informatics and Consultancy Limited Company
Softomi Advanced C2C Marketplace Software
-CVE-2023-6129 [POLY1305 MAC implementation corrupts vector registers on
PowerPC]
+CVE-2023-6129 (Issue summary: The POLY1305 MAC (message authentication code)
implemen ...)
- openssl <unfixed>
[bookworm] - openssl <no-dsa> (Minor issue; can be fixed later along
with other issues)
[bullseye] - openssl <not-affected> (Vulnerable code not present)
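Review bot: Replacing the bracketed title of CVE-2023-6129 with the truncated feed description drops the PowerPC scope from the entry; the visible text now ends at "implemen ..." and no longer says which architecture is affected. Since openssl is still marked unfixed here, a NOTE line recording that the issue is the POLY1305 MAC implementation corrupting vector registers on PowerPC would keep that context for whoever handles the bookworm no-dsa follow-up.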
@@ -82545,9 +82743,9 @@ CVE-2022-43548 (A OS Command Injection vulnerability
exists in Node.js versions
NOTE: Fixed by:
https://github.com/nodejs/node/commit/2b433af094fb79cf80f086038b7f36342cb6826f
(v14.x)
CVE-2022-43547
RESERVED
-CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q200
family ( ...)
+CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q100
(All ver ...)
NOT-FOR-US: Siemens
-CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q200
family ( ...)
+CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q100
(All ver ...)
NOT-FOR-US: Siemens
CVE-2022-43542 (Vulnerabilities in the Aruba EdgeConnect Enterprise command
line inter ...)
NOT-FOR-US: Aruba
@@ -82662,7 +82860,7 @@ CVE-2022-43441 (A code execution vulnerability exists
in the Statement Bindings
[buster] - node-sqlite3 <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74
NOTE: Fixed by:
https://github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781
(v5.1.5)
-CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q200
family ( ...)
+CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q100
(All ver ...)
NOT-FOR-US: Siemens
CVE-2022-43438 (The Administrator function of EasyTest has an Incorrect
Authorization ...)
NOT-FOR-US: EasyTest
@@ -83057,7 +83255,7 @@ CVE-2022-3592 (A symlink following vulnerability was
found in Samba, where a use
NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html
CVE-2022-43399
REJECTED
-CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q200
family ( ...)
+CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q100
(All ver ...)
NOT-FOR-US: Siemens
CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All
versions < ...)
NOT-FOR-US: Siemens
@@ -101288,12 +101486,12 @@ CVE-2022-36767
RESERVED
CVE-2022-36766
RESERVED
-CVE-2022-36765
- RESERVED
-CVE-2022-36764
- RESERVED
-CVE-2022-36763
- RESERVED
+CVE-2022-36765 (EDK2 is susceptible to a vulnerability in the CreateHob()
function, al ...)
+ TODO: check
+CVE-2022-36764 (EDK2 is susceptible to a vulnerability in the
Tcg2MeasurePeImage() fun ...)
+ TODO: check
+CVE-2022-36763 (EDK2 is susceptible to a vulnerability in the
Tcg2MeasureGptTable() fu ...)
+ TODO: check
CVE-2022-36762
RESERVED
CVE-2022-36761
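Review bot: CVE-2022-36765, CVE-2022-36764 and CVE-2022-36763 move from RESERVED to published EDK2 issues in CreateHob(), Tcg2MeasurePeImage() and Tcg2MeasureGptTable(), and EDK2 is shipped in Debian as the edk2 source package. These three should be triaged with package entries and per-suite status, not closed as NOT-FOR-US, when the "TODO: check" lines are processed.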
@@ -123451,8 +123649,8 @@ CVE-2022-28977 (HtmlUtil.escapeRedirect in Liferay
Portal 7.3.1 through 7.4.2, a
NOT-FOR-US: Liferay
CVE-2022-28976
RESERVED
-CVE-2022-28975
- RESERVED
+CVE-2022-28975 (A stored cross-site scripting (XSS) vulnerability in Infoblox
NIOS v8. ...)
+ TODO: check
CVE-2022-28974
RESERVED
CVE-2022-28973 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack
overflow via t ...)
@@ -299404,7 +299602,7 @@ CVE-2020-1338 (<p>A remote code execution
vulnerability exists in Microsoft Word
NOT-FOR-US: Microsoft
CVE-2020-1337 (<p>An elevation of privilege vulnerability exists when the
Windows Pri ...)
NOT-FOR-US: Microsoft
-CVE-2020-1336 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+CVE-2020-1336 (<p>An elevation of privilege vulnerability exists in the way
that the ...)
NOT-FOR-US: Microsoft
CVE-2020-1335 (<p>A remote code execution vulnerability exists in Microsoft
Excel sof ...)
NOT-FOR-US: Microsoft
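Review bot: The new description for CVE-2020-1336 starts with a literal "<p>" tag that the previous text did not have, so the automatic update is importing raw HTML from the feed into data/CVE/list. The import step should strip markup before writing the description, and anything that renders these descriptions should escape them; the same applies to the neighbouring entries that already carry "<p>".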
@@ -300026,7 +300224,7 @@ CVE-2020-1027 (An elevation of privilege
vulnerability exists in the way that th
NOT-FOR-US: Microsoft
CVE-2020-1026 (A Security Feature Bypass vulnerability exists in the MSR
JavaScript C ...)
NOT-FOR-US: Microsoft
-CVE-2020-1025 (An elevation of privilege vulnerability exists when Microsoft
SharePoi ...)
+CVE-2020-1025 (<p>An elevation of privilege vulnerability exists when
Microsoft Share ...)
NOT-FOR-US: Microsoft
CVE-2020-1024 (A remote code execution vulnerability exists in Microsoft
SharePoint w ...)
NOT-FOR-US: Microsoft
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35de3dc1846199e61d7ac6e48c9008b40ebdc49b