Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: e10774d2 by Moritz Muehlenhoff at 2024-05-10T14:25:33+02:00 NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -456,7 +456,7 @@ CVE-2024-29157 (HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read CVE-2024-28075 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...) NOT-FOR-US: SolarWinds CVE-2024-24157 (Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea ...) - TODO: check + NOT-FOR-US: Gnuboard CVE-2024-23473 (The SolarWinds Access Rights Manager was found to contain a hard-coded ...) NOT-FOR-US: SolarWinds CVE-2024-22910 (Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10 ...) @@ -1209,7 +1209,7 @@ CVE-2024-3755 (The MF Gig Calendar WordPress plugin through 1.2.1 does not sanit CVE-2024-3752 (The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2024-3661 (DHCP can add routes to a client\u2019s routing table via the classless ...) - TODO: check + NOT-FOR-US: DHCP protocol issue CVE-2024-3576 (The NPort 5100A Series firmware version v1.6 and prior versions are af ...) NOT-FOR-US: Moxa CVE-2024-34538 (Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.) 
@@ -1436,23 +1436,23 @@ CVE-2023-43530 (Memory corruption in HLOS while checking for the storage type.) CVE-2023-43529 (Transient DOS while processing IKEv2 Informational request messages, w ...) NOT-FOR-US: Qualcomm CVE-2023-43528 (Information disclosure when the ADSP payload size received in HLOS in ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43527 (Information disclosure while parsing dts header atom in Video.) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43526 (Memory corruption while querying module parameters from Listen Sound m ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43525 (Memory corruption while copying the sound model data from user to kern ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43524 (Memory corruption when the bandpass filter order received from AHAL is ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-43521 (Memory corruption when multiple listeners are being registered with th ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-33119 (Memory corruption while loading a VM from a signed VM image that is no ...) - TODO: check + NOT-FOR-US: Qualcomm CVE-2023-32873 (In keyInstall, there is a possible out of bounds write due to a missin ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2023-32871 (In DA, there is a possible permission bypass due to an incorrect statu ...) - TODO: check + NOT-FOR-US: MediaTek CVE-2024-29857 (An issue was discovered in Bouncy Castle Java Cryptography APIs before ...) - bouncycastle <unfixed> (bug #1070655) [bookworm] - bouncycastle <no-dsa> (Minor issue) 
@@ -2563,13 +2563,13 @@ CVE-2023-42125 (Avast Premium Security Sandbox Protection Link Following Privile CVE-2023-42124 (Avast Premium Security Sandbox Protection Incorrect Authorization Priv ...) NOT-FOR-US: Avast Premium Security Sandbox Protection CVE-2023-42123 (Control Web Panel mysql_manager Command Injection Remote Code Executio ...) - TODO: check + NOT-FOR-US: Control Web Panel CVE-2023-42122 (Control Web Panel wloggui Command Injection Local Privilege Escalation ...) - TODO: check + NOT-FOR-US: Control Web Panel CVE-2023-42121 (Control Web Panel Missing Authentication Remote Code Execution Vulnera ...) - TODO: check + NOT-FOR-US: Control Web Panel CVE-2023-42120 (Control Web Panel dns_zone_editor Command Injection Remote Code Execut ...) - TODO: check + NOT-FOR-US: Control Web Panel CVE-2023-42113 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) NOT-FOR-US: PDF-XChange Editor EMF CVE-2023-42112 (PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Dis ...) @@ -70814,7 +70814,7 @@ CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...) NOT-FOR-US: WordPress plugin CVE-2023-31234 (Missing Authorization vulnerability in Tilda Publishing.This issue aff ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...) NOT-FOR-US: WordPress plugin CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) @@ -74831,7 +74831,7 @@ CVE-2023-29883 CVE-2023-29882 RESERVED CVE-2023-29881 (phpok 6.4.003 is vulnerable to SQL injection in the function index_f() ...) - TODO: check + NOT-FOR-US: phpok CVE-2023-29880 RESERVED CVE-2023-29879 
@@ -83433,7 +83433,7 @@ CVE-2023-27323 (Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privil CVE-2023-27322 (Parallels Desktop Service Improper Initialization Local Privilege Esca ...) NOT-FOR-US: Parallels Desktop CVE-2023-27321 (OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion D ...) - TODO: check + NOT-FOR-US: OPC Foundation UA .NET CVE-2023-27320 (Sudo before 1.9.13p2 has a double free in the per-command chroot featu ...) - sudo 1.9.13p3-1 (bug #1032163) [bullseye] - sudo <not-affected> (Vulnerable code not present) @@ -85462,7 +85462,7 @@ CVE-2023-1002 (A vulnerability, which was classified as problematic, has been fo CVE-2023-1001 RESERVED CVE-2023-1000 (A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has be ...) - TODO: check + NOT-FOR-US: dcnnt-py CVE-2023-0999 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Sales Tracker Management System CVE-2023-0998 (A vulnerability classified as critical has been found in SourceCodeste ...) 
@@ -116639,17 +116639,17 @@ CVE-2021-46847 CVE-2022-43657 RESERVED CVE-2022-43656 (Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosur ...) - TODO: check + NOT-FOR-US: Bentley CVE-2022-43655 (Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code E ...) - TODO: check + NOT-FOR-US: Bentley CVE-2022-43654 (NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerabili ...) - TODO: check + NOT-FOR-US: NETGEAR CVE-2022-43653 (Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Executio ...) - TODO: check + NOT-FOR-US: Bentley CVE-2022-43652 (Bentley View SKP File Parsing Use-After-Free Information Disclosure Vu ...) - TODO: check + NOT-FOR-US: Bentley CVE-2022-43651 (Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vul ...) - TODO: check + NOT-FOR-US: Bentley CVE-2022-43650 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: RARLAB WinRAR CVE-2022-43649 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -122589,7 +122589,7 @@ CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...) NOT-FOR-US: WordPress plugin CVE-2022-40218 (Missing Authorization vulnerability in ThemeHunk Advance WordPress Sea ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Mes ...) NOT-FOR-US: WordPress plugin CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability inXylus The ...) 
@@ -147187,23 +147187,23 @@ CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load NOTE: https://github.com/jmespath/jmespath.rb/pull/55 NOTE: https://github.com/jmespath/jmespath.rb/commit/e8841280053a9d9a0c90f36223f926c8b9e4ec49 (v1.6.1) CVE-2022-32510 (An issue was discovered on certain Nuki Home Solutions devices. The HT ...) - TODO: check + NOT-FOR-US: Nuki Home Solutions CVE-2022-32509 (An issue was discovered on certain Nuki Home Solutions devices. Lack o ...) - TODO: check + NOT-FOR-US: Nuki Home Solutions CVE-2022-32508 (An issue was discovered on certain Nuki Home Solutions devices. By sen ...) - TODO: check + NOT-FOR-US: Nuki Home Solutions CVE-2022-32507 (An issue was discovered on certain Nuki Home Solutions devices. Some B ...) - TODO: check + NOT-FOR-US: Nuki Home Solutions CVE-2022-32506 (An issue was discovered on certain Nuki Home Solutions devices. An att ...) - TODO: check + NOT-FOR-US: Nuki Home Solutions CVE-2022-32505 (An issue was discovered on certain Nuki Home Solutions devices. It is ...) - TODO: check + NOT-FOR-US: Nuki Home Solutions CVE-2022-32504 (An issue was discovered on certain Nuki Home Solutions devices. The co ...) - TODO: check + NOT-FOR-US: Nuki Home Solutions CVE-2022-32503 (An issue was discovered on certain Nuki Home Solutions devices. An att ...) - TODO: check + NOT-FOR-US: Nuki Home Solutions CVE-2022-32502 (An issue was discovered on certain Nuki Home Solutions devices. There ...) - TODO: check + NOT-FOR-US: Nuki Home Solutions CVE-2022-32501 RESERVED CVE-2022-32500 
@@ -173253,7 +173253,7 @@ CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versio CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) NOT-FOR-US: livehelperchat CVE-2022-0369 (Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Tra ...) - TODO: check + NOT-FOR-US: Triangle MicroWorks SCADA CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...) NOT-FOR-US: Moxa CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...) @@ -213680,13 +213680,13 @@ CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2021-35002 (BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerabi ...) - TODO: check + NOT-FOR-US: BMC Track-It! CVE-2021-35001 (BMC Track-It! GetData Missing Authorization Information Disclosure Vul ...) - TODO: check + NOT-FOR-US: BMC Track-It! CVE-2021-35000 (OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disc ...) - TODO: check + NOT-FOR-US: OpenBSD CVE-2021-34999 (OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disc ...) - TODO: check + NOT-FOR-US: OpenBSD CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Panda Security Free Antivirus CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
@@ -213718,9 +213718,9 @@ CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Bentley ContextCapture CVE-2021-34983 (NETGEAR Multiple Routers httpd Missing Authentication for Critical Fun ...) - TODO: check + NOT-FOR-US: NETGEAR CVE-2021-34982 (NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code ...) - TODO: check + NOT-FOR-US: NETGEAR CVE-2021-34981 (Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vu ...) - linux 5.10.46-1 [buster] - linux 4.19.194-1 
@@ -213736,65 +213736,65 @@ CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2021-34976 (Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosur ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34975 (Foxit PDF Reader transitionToState Use-After-Free Remote Code Executio ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34974 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34973 (Foxit PDF Reader PDF File Parsing Use-After-Free Information Disclosur ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34972 (Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulner ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34971 (Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remot ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34970 (Foxit PDF Reader print Method Use of Externally-Controlled Format Stri ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34969 (Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vuln ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34968 (Foxit PDF Editor transitionToState Use-After-Free Remote Code Executio ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34967 (Foxit PDF Editor Line Annotation Use-After-Free Remote Code Execution ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34966 (Foxit PDF Editor FileAttachment Annotation Use-After-Free Remote Code ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34965 (Foxit PDF Editor Squiggly Annotation Use-After-Free Remote Code Execut ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34964 (Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Executi ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34963 (Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execut ...) 
- TODO: check + NOT-FOR-US: Foxit CVE-2021-34962 (Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34961 (Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution V ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34960 (Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Executio ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34959 (Foxit PDF Editor Square Annotation Use-After-Free Remote Code Executio ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34958 (Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34957 (Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execu ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34956 (Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execu ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34955 (Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34954 (Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execu ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34953 (Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34952 (Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulne ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34951 (Foxit PDF Reader Annotation Use of Uninitialized Variable Information ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34950 (Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution V ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34949 (Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34948 (Foxit PDF Reader Square Annotation Use-After-Free Remote Code Executio ...) 
- TODO: check + NOT-FOR-US: Foxit CVE-2021-34947 (NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulner ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Bentley View CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -321232,7 +321232,7 @@ CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3) NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master) CVE-2020-5200 (Minerbabe through V4.16 ships with SSH host keys baked into the instal ...) - TODO: check + NOT-FOR-US: Minerbabe CVE-2020-5199 RESERVED CVE-2020-5198 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e10774d26b4ac2ee4e471797041f8f90c6aa4073
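Review bot: CVE-2021-34947 in the @@ -213736,65 +213736,65 @@ hunk is tagged "NOT-FOR-US: Foxit", but its description reads "NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution", so the vendor label does not match the entry. It is the last changed entry after the long run of Foxit PDF Reader and Foxit PDF Editor CVEs, which suggests the bulk label carried one entry too far. Suggest "NOT-FOR-US: NETGEAR" here, as used for CVE-2021-34982 and CVE-2021-34983 in the preceding hunk.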
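Review bot: CVE-2024-3661 in the @@ -1209,7 +1209,7 @@ hunk is the only entry in this commit whose NOT-FOR-US reason names a protocol ("DHCP protocol issue") rather than a vendor or product, and the tag on its own does not record why no packaged software is considered affected. The description says DHCP can add routes to a client's routing table, which reads as a property of DHCP clients in general. Suggest adding a NOTE: line with the reasoning for treating it as out of scope, or leaving it as "TODO: check" until that decision is written down, so the triage can be revisited later.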
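Review bot: the vendor spelling "NETGEAR" added for CVE-2021-34982 and CVE-2021-34983 in the @@ -213718,9 +213718,9 @@ hunk (and for CVE-2022-43654 earlier in the patch) differs from the existing "NOT-FOR-US: Netgear" on CVE-2021-34977 a few lines below, so the same vendor now appears under two spellings in the same part of the file. This is a style point: pick one form so a case-sensitive search for the vendor finds every entry.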